HIGH🇵🇱 Wersja polska

CVE-2020-10252

CVSS 8.3v3.1pub. 2021-02-19upd. 2024-11-21

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
  • Owncloud

    APP
    Owncloud
    < 10.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRFDoS
CWE
References

Related vulnerabilities

CVE-2021-35946CRITICAL9.8ten sam produkt

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the...

CVE-2020-28645CRITICAL9.1ten sam produkt

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow us...

CVE-2014-2052CRITICAL9.8ten sam produkt

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to re...

CVE-2014-2048CRITICAL9.8ten sam produkt

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an...

CVE-2022-31649HIGH7.5ten sam produkt

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.