VYPR
Unrated severityNVD Advisory· Published Nov 21, 2023· Updated Aug 29, 2024

CVE-2023-49105

CVE-2023-49105

Description

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OwnCloud/Owncloudcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <10.13.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.