Vulnerability Description
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owncloud | Owncloud | < 10.8.0 |
Related Weaknesses (CWE)
References
- https://doc.owncloud.com/server/admin_manual/release_notes.htmlRelease NotesVendor Advisory
- https://owncloud.com/security-advisories/cve-2021-35949/Vendor Advisory
- https://doc.owncloud.com/server/admin_manual/release_notes.htmlRelease NotesVendor Advisory
- https://owncloud.com/security-advisories/cve-2021-35949/Vendor Advisory
FAQ
What is CVE-2021-35949?
CVE-2021-35949 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
How severe is CVE-2021-35949?
CVE-2021-35949 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35949?
Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud.