Vulnerability Name: | CVE-2021-35947 (CCN-208921) | ||||||||||||
Assigned: | 2021-08-02 | ||||||||||||
Published: | 2021-08-02 | ||||||||||||
Updated: | 2021-09-14 | ||||||||||||
Summary: | The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | ||||||||||||
CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) 4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-209 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-35947 Source: MISC Type: Release Notes, Vendor Advisory https://doc.owncloud.com/server/admin_manual/release_notes.html Source: XF Type: UNKNOWN owncloud-cve202135947-info-disc(208921) Source: CCN Type: ownCloud Web site Full path and username disclosure in public links Source: MISC Type: Vendor Advisory https://owncloud.com/security-advisories/cve-2021-35947/ | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |