Normal user can somehow make an admin delete shared folders

Platform: ownCloud Server

Versions: 10.0.2

Date: 5/31/2017

Risk level: Medium

CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CWE: Improper Privilege Management (CWE-269)

HackerOne report: 166581

Description

An attacker who is logged in as a normal user can somehow make an admin delete shared folders.

Affected Software

  • ownCloud Server < 10.0.2 (CVE-2017-9340)

Action Taken

Adjust privileges

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Elamaran Venkatraman – Vulnerability discovery and disclosure.
