Normal user can somehow make admin to delete shared folders

May 31, 2017

Description

An attacker is logged in as a normal user and can somehow make admin to delete shared folders

Affected Software

  • ownCloud Server < 10.0.2 (CVE-2017-9340)

Action Taken

Adjust privileges

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Elamaran Venkatraman – Vulnerability discovery and disclosure.