- Risk: medium
- CVSS v3 Base Score: 5.7
- CVSS v3 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
- CWE ID: CWE-266
- CWE Name: Incorrect Privilege Assignment
- CVE: CVE-2021-35946
Description
The receiver of a federated share could update the permissions granted to the receivers of the share.
Affected
- core < 10.8.0
Action taken
Properly check permissions so that only the share owner can update the granted permissions.