Description

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

Remediation

References

CVE-2021-35949

Related Vulnerabilities

WordPress Plugin 10Web Social Feed for Instagram Security Bypass (1.3.18)

WebLogic CVE-2017-10178 Vulnerability (CVE-2017-10178)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.14)

WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (1.8)

Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379)

Severity

Medium

Classification

CVE-2021-35949 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities