- Risk: medium
- CVSS v3 Base Score: 5.7
- CVSS v3 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
- CWE ID: CWE-212
- CWE Name: Improper Removal of Sensitive Information Before Storage or Transfer
- CVE: CVE-2022-31649
Description
The settings page and some API responses of a few ownCloud apps contained plaintext credentials.
Affected
- ownCloud server < 10.10.0
Action taken
Remove the sensitive values from the HTML and API responses.