Improper Validation in the User Profile Metadata

Apr 19, 2024

  • Risk: low
  • CVSS v3 Base Score: 4.3
  • CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X
  • CWE ID: 20
  • CWE Name: Improper Input Validation
  • CVE: CVE-2024-26325

Description

Improper Validation in the User Profile Metadata may allow an authenticated attacker to edit their own profile in a way that consumes a substantial amount of resources, creating a Denial of Service.

Affected

  • ownCloud (owncloud/core) <10.14.0

Action taken

Upgrade ownCloud 10 Server to version 10.14.0 or above