Description

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

Remediation

References

CVE-2021-35949

Related Vulnerabilities

Python Numeric Errors Vulnerability (CVE-2010-1634)

WordPress Plugin Photoswipe Masonry Gallery Unspecified Vulnerability (1.2.17)

MySQL CVE-2019-2693 Vulnerability (CVE-2019-2693)

Drupal Core 8.x.x Security Bypass (8.0.0 - 8.7.14)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2939)

Severity

Medium

Classification

CVE-2021-35949 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities