CVE-2020-36252 MEDIUM

CVE-2020-36252

Vendor N/A
Product n/a
Published February 19, 2021
Last update August 4, 2024

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:L/S:C/UI:N

What the vulnerability does

01Description

ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.

Key dates

02Disclosure timeline

February 19, 2021 CVE published
August 4, 2024 Record updated