- Platform: ownCloud Server
- Versions: 10.0.2
- Date: 5/31/2017
- Risk level: Medium
- CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
- CWE: Improper Privilege Management (CWE-269)
- HackerOne report: 166581
Description
An attacker who is logged in as a normal user can somehow make an admin delete shared folders.
Affected Software
- ownCloud Server < 10.0.2 (CVE-2017-9340)
Action Taken
Adjust privileges
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Elamaran Venkatraman – Vulnerability discovery and disclosure.