Possibility to extend internal share permissions using the API
Platform: ownCloud Server
Risk level: Medium
CVSS v3 Base Score: 6 (Improper Privilege Management (CWE-269)
An Attacker can extend the permission of a received internal-share using the ocs-api. Check is currently only done in the UI.
- ownCloud Server < 10.2.1 (CVE-2019-????)
Added better checks which prevent extending the permission to OCS-API.