Main Vulnerability Database SB2020080408

SB2020080408 - Incomplete Filtering of Special Elements in File Firewall for ownCloud Server

Published: August 4, 2020

Security Bulletin ID SB2020080408

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incomplete Filtering of Special Elements (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass the firewall.

The vulnerability exists due to the affected software does not completely filter special elements before sending it to a downstream component. A remote attacker can create a share to a folder with upload rights and upload files of a type which were disallowed by the firewall

Remediation

Install update from vendor's website.

References

https://owncloud.org/security/advisories/bypassing-file-firewall/