Contact
Search Get started

DLL injection in the ownCloud Desktop Client

Feb 23, 2021

  • Risk: medium
  • CVSS v3 Base Score: 5.3
  • CVSS v3 Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CWE ID: CWE-114
  • CWE Name: Process Control

Description

The released desktop client was loading development plugins from certain directories when they were present.

Affected

  • ownCloud/client version < 2.7 (CVE-2020-28646)

Action taken

Only set plugin search path in dev builds