- Platform: ownCloud Server
- Versions: 10.2.0
- Date: 2/28/2020
- Risk: Low
- CVSS v3 Base Score: 3.5
- CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
- CWE ID: 385
- CWE Name: Improper Privilege Management
Description
A group-share recipient can remove the received group share for all group-recipients.
No data-loss occurs as the share can be re-created again.
Affected Versions
- owncloud/core < v10.3.0
Action taken
Improve permission check when deleting groups.