CVE-2021-35949
Publication date 7 September 2021
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
Status
Package | Ubuntu Release | Status |
---|---|---|
owncloud | 22.04 LTS jammy | Not in release |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |