- Risk: medium
- CVSS v3 Base Score: 4.3
- CVSS v3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CWE ID: 235
- CWE Name: Improper Handling of Extra Parameters
- CVE: CVE-2024-37009
Description
Improper handling of URL in sharing notification may allow an authenticated attacker to send an email to another user containing a potentially malicious URL.
Affected
- ownCloud (owncloud/core) <10.15.0
Action taken
Upgrade ownCloud 10 Server to version 10.15.0 or above
Credits
The ownCloud Team would like to thank Gilles Petit for discovering these vulnerabilities.