Design/Logic Flaw

2021-02-1907:15:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share.

CPENameOperatorVersion
owncloudlt10.3.0

CPE	Name	Operator	Version
	owncloud	lt	10.3.0

References

owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/