CVE-2020-16144
First published: Tue Feb 09 2021(Updated: )
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Owncloud Files Antivirus | <0.15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-16144?
CVE-2020-16144 is a vulnerability that affects Owncloud Files Antivirus versions up to 0.15.2.
How does CVE-2020-16144 affect the user?
CVE-2020-16144 allows anonymous users to upload files with viruses to a publicly accessible folder, and the antivirus app fails to delete the virus due to permission issues.
What is the severity of CVE-2020-16144?
The severity of CVE-2020-16144 is medium, with a severity value of 5.7.
How can I fix CVE-2020-16144?
To fix CVE-2020-16144, update to a version of Owncloud Files Antivirus that is higher than 0.15.2.
Where can I find more information about CVE-2020-16144?
You can find more information about CVE-2020-16144 in the [Owncloud security advisories](https://owncloud.com/security-advisories/files-antivirus-doesnt-delete-virus-if-uploaded-through-public-link/).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/owncloud
- canonical/owncloud files antivirus