- Risk: medium
- CVSS v3 Base Score: 5.3
- CVSS v3 Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
- CWE ID: CWE-114
- CWE Name: Process Control
Description
The released desktop client was loading development plugins from certain directories when they were present.
Affected
- ownCloud/client version < 2.7 (CVE-2020-28646)
Action taken
Only set plugin search path in dev builds