CVE-2020-28645

Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

Published: Feb 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-28645
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
owncloud / owncloud	-	10.6.0

https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/

Vulnerability Database

289,697

CVE-2020-28645