Platform: ownCloud Server
Risk level: High
CVSS v3 Base Score: 8 (Improper Privilege Management (CWE-269)
An Attacker can extend the permission of a received subfolder share using the ocs api. Additional risk exists because the previlege extension is also possible on public-shares.
- ownCloud Server < 10.2.1 (CVE-2019-????)
Added better checks which prevent extending the permission to OCS-API.
Your secure file platform
Boost your productivity and enable collaboration within your organization.
The backbone of secure file sharing
Our software as a service solution. Hosted securely in Germany.
Ready in a glimpse.
Download Mobile Apps
Bring your productivity game to the next level. Download our Android or iOS app from the app stores.