CVE-2020-36251

LOW

ownCloud Server <10.3.0 - Info Disclosure

Title source: llm

Description

ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.

References (1)

[Vendor Advisory] https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/

Scores

CVSS v3 3.5

EPSS 0.0021

EPSS Percentile 43.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

Status published

Affected Products (1)

owncloud/owncloud < 10.3.0

Timeline

Published Feb 19, 2021

Tracked Since Feb 18, 2026