Description
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
Remediation
References
Related Vulnerabilities
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7873)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-1302)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0701)
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.23)
Jenkins Improper Access Control Vulnerability (CVE-2015-5325)