CVE-2021-35949
First published: Tue Sep 07 2021(Updated: )
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud ownCloud | <10.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-35949.
What is the severity level of CVE-2021-35949?
CVE-2021-35949 has a severity level of medium (5.3).
How can an attacker exploit CVE-2021-35949?
An attacker can exploit CVE-2021-35949 by bypassing permission checks for upload only shares and listing metadata about the share.
Which software versions are affected by CVE-2021-35949?
The ownCloud Server versions before 10.8.0 are affected by CVE-2021-35949.
How can I fix CVE-2021-35949?
To fix CVE-2021-35949, upgrade to ownCloud Server version 10.8.0 or later.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/owncloud
- canonical/owncloud owncloud