Description
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
Remediation
References
Related Vulnerabilities
Drupal Files or Directories Accessible to External Parties Vulnerability (CVE-2017-6922)
WordPress Plugin Parallax Scroll Cross-Site Scripting (2.0.1)
WordPress Plugin WP FuneralPress Multiple Cross-Site Scripting Vulnerabilities (1.1.6)
MySQL CVE-2020-2580 Vulnerability (CVE-2020-2580)
Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338)