Resource Injection Vulnerability in ownCloud Desktop Client
CVE-2021-44537

7.8HIGH

Key Information:

Vendor

Owncloud

Status
Owncloud Desktop Client
Vendor
CVE Published:
15 January 2022

What is CVE-2021-44537?

A critical security flaw exists in previous versions of the ownCloud desktop client that allows a malicious server to inject resources via a URL. This vulnerability can lead to unauthorized remote code execution on the client system, posing significant risks to user data integrity and system security. Users of ownCloud Client versions prior to 2.9.2 are advised to update immediately to mitigate potential threats.

References

https://owncloud.com/security-advisories/cve-2021-44537/
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.