Back to search
CVE-2021-29659
Published: May 20, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://doc.owncloud.com/server/admin_manual/release_notes.html
x_refsource_MISC
https://owncloud.com/security-advisories/cve-2021-29659/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now