CVE-2021-35949Incorrect Authorization in Owncloud

CWE-863Incorrect Authorization3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 60.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud
Timeline
PublishedSep 7
Latest updateMay 24

Description

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDowncloud/owncloud< 10.8.0

🔴Vulnerability Details

2
GHSA
GHSA-w8px-4rp9-9f6w: The shareinfo controller in the ownCloud Server before 102022-05-24
CVEList
CVE-2021-35949: The shareinfo controller in the ownCloud Server before 102021-09-07
CVE-2021-35949 — Incorrect Authorization in Owncloud | cvebase