Improper validation in the User’s avatar mechanism

Owncloud Security Advisory

  • Risk: medium
  • CVSS v3 Base Score: 4.3
  • CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X
  • CWE ID: 20
  • CWE Name: Improper Input Validation
  • CVE: CVE-2024-26326

Description

Improper validation in the User’s avatar mechanism may allow an authenticated attacker to edit their own profile in a way that consumes a substantial amount of resources, creating a Denial of Service.

Affected

  • ownCloud (owncloud/core) <10.14.0

Action taken

Upgrade ownCloud 10 Server to version 10.14.0 or above

READ MORE