Authentication Bypass Using Pre-signed URLs

Apr 19, 2024

  • Risk: high
  • CVSS v3 Base Score: 7.5
  • CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X
  • CWE ID: 284
  • CWE Name: Improper Access Control
  • CVE: CVE-2024-26321

Description

Improper validation may allow an attacker to bypass authentication and gain access to users’ files. To access a given file, the attacker needs prior knowledge of a username and the file path.

Affected

  • oCIS <4.0.6

Action taken

Upgrade ownCloud Infinite Scale to version 4.0.6 or above.