Share:

CVE-2020-28645 - Owncloud Owncloud

February 10, 2021

Critical 9.1

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

Affected software

Owncloud Owncloud

Reference links

https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.