CVE-2021-35949

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

Ссылки

https://doc.owncloud.com/server/admin_manual/release_notes.html
Release Notes
Vendor Advisory
https://owncloud.com/security-advisories/cve-2021-35949/
Vendor Advisory
https://doc.owncloud.com/server/admin_manual/release_notes.html
Release Notes
Vendor Advisory
https://owncloud.com/security-advisories/cve-2021-35949/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*

Версия до 10.8.0 (исключая)

EPSS

Процентиль: 39%

0.00176

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

CVE-2021-35949

CVSS3: 5.3

ubuntu

больше 4 лет назад

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

CVE-2021-35949

CVSS3: 5.3

debian

больше 4 лет назад

The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...

GHSA-w8px-4rp9-9f6w

github

больше 3 лет назад

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

EPSS

Процентиль: 39%

0.00176

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863