Bypassing File Firewall (oC-SA-2020-002)

Aug 3, 2020

  • Platform: ownCloud Server
  • Versions: n/a
  • Date: 8/3/2020
  • Risk: Low
  • CVSS v3 Base Score: 1.6
  • CVSS v3 Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N
  • CWE ID: CWE-791
  • CWE Name: Incomplete Filtering of Special Elements

Description

When a share to a folder with upload rights was created, it was possible to upload files of a type that the firewall disallowed.

Affected

  • File Firewall < 2.8.0

Action taken

The file type is now also detected correctly for public shares.