Vulnerability Details CVE-2023-49105
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.869
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-49105
-
cpe:2.3:a:owncloud:owncloud_server:10.10.0
-
cpe:2.3:a:owncloud:owncloud_server:10.11.0
-
cpe:2.3:a:owncloud:owncloud_server:10.12.0
-
cpe:2.3:a:owncloud:owncloud_server:10.12.1
-
cpe:2.3:a:owncloud:owncloud_server:10.12.2
-
cpe:2.3:a:owncloud:owncloud_server:10.13.0
-
cpe:2.3:a:owncloud:owncloud_server:10.6.0
-
cpe:2.3:a:owncloud:owncloud_server:10.7.0
-
cpe:2.3:a:owncloud:owncloud_server:10.8.0
-
cpe:2.3:a:owncloud:owncloud_server:10.9.0
-
cpe:2.3:a:owncloud:owncloud_server:10.9.1