Your vote counts We need your help!

< go back to overview

Possibility to extend internal share permissions using the API

Platform: ownCloud Server

Versions: 10,

Date: 7/25/2019

Risk level: Medium

CVSS v3 Base Score: 6 (Improper Privilege Management (CWE-269)

Description

An Attacker can extend the permission of a received internal-share using the ocs-api. Check is currently only done in the UI.

Affected Software

Action Taken

Added better checks which prevent extending the permission to OCS-API.

Share this