返回 CVE 浏览器

CVE-2021-35946

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1490%

EPSS Percentile6.52th

Published2021年9月7日

Last Modified2024年11月21日

Vulnerability Description

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.

Affected Platforms (CPE)

📦

Owncloud

Owncloud

< 10.8.0

References & Advisories

🔗 https://doc.owncloud.com/server/admin_manual/release_notes.html

🔗 https://owncloud.com/security-advisories/cve-2021-35946/

🔗 https://doc.owncloud.com/server/admin_manual/release_notes.html

🔗 https://owncloud.com/security-advisories/cve-2021-35946/

相关漏洞威胁

CVE-2015-471610.0

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on...

CVE-2019-253379.8

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulatin...

CVE-2014-20489.8

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID imp...

CVE-2014-20529.8

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, ...