Vulnerabilities > CVE-2021-29659 - Unspecified vulnerability in Owncloud 10.7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |