Vulnerabilities > CVE-2021-35949 - Incorrect Authorization vulnerability in Owncloud

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
owncloud
CWE-863

Summary

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.

Vulnerable Configurations

Part Description Count
Application
Owncloud
619

Common Weakness Enumeration (CWE)