Description

ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.

Remediation

References

CVE-2020-36252

Related Vulnerabilities

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-36396)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.3)

WordPress Plugin NotificationX-WooCommerce Sales Notification Popup, Custom & Live Sales Notification, FOMO, Social Proof, Announcement Banner & Sticky Notification Bar Cross-Site Request Forgery (1.8.2)

WordPress Plugin Zero BS WordPress CRM Cross-Site Request Forgery (2.99.9)

CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)

Severity

Medium

Classification

CVE-2020-36252 CWE-668 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities