CVE-2021-35946 | Severity.io

Description

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.

Related CPE's

owncloud

Vulnerable

References

https://doc.owncloud.com/server/admin_manual/release_notes.html

Release NotesVendor Advisory

https://owncloud.com/security-advisories/cve-2021-35946/

Vendor Advisory

https://doc.owncloud.com/server/admin_manual/release_notes.html

Release NotesVendor Advisory

https://owncloud.com/security-advisories/cve-2021-35946/

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-269

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-07T18:15:07.673Z

4 years ago

Last modified

2024-11-21T05:12:48.523Z

1 year ago