- Risk: low
- CVSS v3 Base Score: 4.3
- CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE ID: CWE-209
- CWE Name: Generation of Error Message Containing Sensitive Information
- CVE: CVE-2021-35947
Description
By appending certain characters to the query parameters of a public share link an error could be triggered which would display the internal path and username of the share owner.
Affected
- core < 10.8.0
Action taken
Properly handle the error and show a generic error message.