VDB

CVE-2021-29659

CVE-2021-29659 PUBLISHED CVSS 6.5 MEDIUM

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.

EPSS 0.40% · 60.8th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.40%
60.8th percentile

Affected Products

VendorProductVersions
n/an/an/a
owncloudowncloud_server10.7.0

Timeline

  • May 20, 2021 CVE Published
  • May 21, 2021 EPSS Score
  • Jul 23, 2021 EPSS Score
  • Sep 23, 2021 EPSS Score
  • Nov 23, 2021 EPSS Score
  • Jan 24, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 26, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 27, 2022 EPSS Score
  • Jul 28, 2022 EPSS Score
  • Sep 28, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›