ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-20T12:46:20
Updated: 2024-08-03T22:11:06.357Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2021-29659
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-20T13:15:07.627
Modified: 2024-11-21T06:01:35.870
Link: CVE-2021-29659
Redhat
No data.