Federated share recipient can increase permissions

Aug 2, 2021

  • Risk: medium
  • CVSS v3 Base Score: 5.7
  • CVSS v3 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
  • CWE ID: CWE-266
  • CWE Name: Incorrect Privilege Assignment
  • CVE: CVE-2021-35946

Description

A recipient of a federated share could update the permissions granted to the recipients of that share.

Affected

  • core < 10.8.0

Action taken

Properly check permissions so that only the share owner can update the granted permissions.