6.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.9%
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.
doc.owncloud.com/server/admin_manual/release_notes.html
owncloud.com/security-advisories/cve-2021-35947/