CVE-2021-29659
First published: Thu May 20 2021(Updated: )
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud ownCloud | =10.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-29659?
CVE-2021-29659 is an incorrect access control vulnerability in ownCloud 10.7, which can lead to remote information disclosure.
How does CVE-2021-29659 work?
CVE-2021-29659 allows an attacker to enumerate all users in a single request by entering three whitespaces due to a bug in the related API endpoint.
What is the severity of CVE-2021-29659?
CVE-2021-29659 has a severity value of 6.5, which is considered medium.
How do I fix CVE-2021-29659?
To fix CVE-2021-29659, you should update ownCloud to version 10.7.1 or later as recommended by the vendor.
Where can I find more information about CVE-2021-29659?
You can find more information about CVE-2021-29659 in the ownCloud server release notes and the official ownCloud security advisories.
- collector/nvd-index
- vendor/owncloud
- canonical/owncloud owncloud
- version/owncloud owncloud/10.7.0