- Risk: high
- CVSS v3 Base Score: 7.5
- CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X
- CWE ID: 284
- CWE Name: Improper Access Control
- CVE: CVE-2024-26321
Description
Improper validation may allow an attacker to bypass authentication and gain access to users’ files. Prior knowledge of a username and a file path is needed in order to gain access to a certain file.
Affected
- oCIS <4.0.6
Action taken
Upgrade ownCloud Infinite Scale to version 4.0.6 or above