Description

An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.

Remediation

References

CVE-2020-10254

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0792)

PHP Numeric Errors Vulnerability (CVE-2008-1384)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)

WordPress Plugin CloudFlare Multiple Unspecified Vulnerabilities (1.1.6)

WordPress Plugin VikRentCar Car Rental Management System Cross-Site Request Forgery (1.1.6)

Severity

Medium

Classification

CVE-2020-10254 CWE-287 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities