CVE-2020-36252

MEDIUM

ownCloud Server <10.3.1 - Info Disclosure

Title source: llm

Description

ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.

References (1)

[Vendor Advisory] https://owncloud.com/security-advisories/access-to-all-file-versions/

Scores

CVSS v3 6.8

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-330

Status published

Affected Products (1)

owncloud/owncloud_server < 10.3.1

Timeline

Published Feb 19, 2021

Tracked Since Feb 18, 2026