Denial of Service in Comments API

Apr 19, 2024

  • Risk: medium
  • CVSS v3 Base Score: 4.3
  • CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X
  • CWE ID: 20
  • CWE Name: Improper Input Validation
  • CVE: CVE-2024-26320

Description

Insufficient input validation in the Comments Plugin may allow an authenticated attacker to cause a Denial of Service.

Affected

  • core <10.13.3

Action taken

Upgrade ownCloud 10 Server to version 10.13.3 or above