Vulnerabilities > CVE-2020-36252 - Exposure of Resource to Wrong Sphere vulnerability in Owncloud

CVSS 2.7 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

owncloud

CWE-668

NVD

Published: 2021-02-19

Updated: 2021-07-21

Summary

ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.

Vulnerable Configurations

Part	Description	Count
Application	Owncloud Owncloud Owncloud 10.0.9 Owncloud Owncloud 10.0.10 Owncloud Owncloud 10.1.0 Owncloud Owncloud 10.1.1 Owncloud Owncloud 10.2.0 Owncloud Owncloud 10.2.1 Owncloud Owncloud 10.3.0	30

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://owncloud.com/security-advisories/access-to-all-file-versions/