Access Control Flaw in ownCloud Server
CVE-2020-36251

3.5LOW

Key Information:

Vendor: Owncloud
Status: Owncloud
Vendor: CVE Published:; 19 February 2021

What is CVE-2020-36251?

An access control vulnerability exists in ownCloud Server versions before 10.3.0 that allows a non-administrative user with group share access to remove access for all other users in the group. This flaw could result in unauthorized loss of access, affecting collaborative functionality and user data availability.

References

https://owncloud.com/security-advisories/deleting-receive...

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2021
Vulnerability Reserved
Feb 19, 2021

Owncloud

What is CVE-2020-36251?

References

CVSS V3.1

Timeline