Vulnerabilities > CVE-2021-29659 - Unspecified vulnerability in Owncloud 10.7.0

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

owncloud

NVD

Published: 2021-05-20

Updated: 2022-07-12

Summary

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.

Vulnerable Configurations

Part	Description	Count
Application	Owncloud Owncloud Owncloud 10.7.0	1

References

https://owncloud.com/security-advisories/cve-2021-29659/
https://doc.owncloud.com/server/admin_manual/release_notes.html