- Risk: medium
- CVSS v3 Base Score: 4.3
- CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X
- CWE ID: 20
- CWE Name: Improper Input Validation
- CVE: CVE-2024-26326
Description
Improper Validation in the User’s Avatar Mechanism may allow an authenticated attacker to edit their own profile in a way that consumes a substantial amount of resources, creating a Denial of Service.
Affected
- ownCloud (owncloud/core) <10.14.0
Action taken
Upgrade ownCloud 10 Server to version 10.14.0 or above