CVE-2021-35949
Description
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.176
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-35946,CVE-2021-35947,CVE-2021-35949 are affected in ownCloud 10.7.0 | Windows |
| Vulnerabilities CVE-2021-35946,CVE-2021-35947,CVE-2021-35948,CVE-2021-35949 are affected in ownCloud 10.7.99 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-339158 | ownCloud (5.3.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234