CyberSec.Space Logo
Back to CVE Browser

CVE-2021-35946

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile6.52th
PublishedSep 7, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.

Affected Platforms (CPE)

πŸ“¦
Owncloud

Owncloud

< 10.8.0

References & Advisories

πŸ”— https://doc.owncloud.com/server/admin_manual/release_notes.html
πŸ”— https://owncloud.com/security-advisories/cve-2021-35946/
πŸ”— https://doc.owncloud.com/server/admin_manual/release_notes.html
πŸ”— https://owncloud.com/security-advisories/cve-2021-35946/

Related Vulnerabilities

CVE-2015-471610.0

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on...

CVE-2019-253379.8

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulatin...

CVE-2014-20489.8

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID imp...

CVE-2014-20529.8

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, ...