CVE-2021-29659

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-29659

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29659.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-29659

Published

2021-05-20T13:15:07.627Z

Modified

2026-05-30T23:27:04.296532Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.

References

Affected packages

Git / github.com/owncloud/core

Affected ranges

Type

GIT

Repo

https://github.com/owncloud/core

Events

Introduced

Last affected

119742ed5f9c01fd8fdae86457fd573533063a83

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.7.0-NA"
        }
    ],
    "cpe": "cpe:2.3:a:owncloud:owncloud_server:10.7.0:-:*:*:*:*:*:*",
    "source": "CPE_STRING"
}

Affected versions

v1.*

v1.0.0beta1

v10.*

v10.0.0

v10.0.0RC1

v10.0.0RC2

v10.0.0RC3

v10.0.0RC4

v10.0.0RC5

v10.0.0alpha

v10.0.0beta

v10.0.0beta2

v10.0.1

v10.0.10

v10.0.10RC1

v10.0.10RC2

v10.0.10RC3

v10.0.10RC4

v10.0.1RC1

v10.0.1RC2

v10.0.1RC3

v10.0.1RC4

v10.0.1RC5

v10.0.2

v10.0.2RC1

v10.0.3

v10.0.3RC1

v10.0.3beta

v10.0.3beta2

v10.0.4

v10.0.4RC1

v10.0.4RC2

v10.0.4beta1

v10.0.4beta2

v10.0.5

v10.0.5RC1

v10.0.5RC2

v10.0.5RC3

v10.0.5RC4

v10.0.8

v10.0.8RC1

v10.0.8RC2

v10.0.8RC3

v10.0.8RC4

v10.0.9

v10.0.9RC1

v10.0.9RC2

v10.0.9RC3

v10.0.9RC4

v10.0.9beta

v10.0beta2

v10.1.0

v10.1.0RC1

v10.1.0RC2

v10.1.0beta

v10.3.0alpha

v10.3.0alpha2

v10.6.0beta1

v10.7.0

v10.7.0RC1

v10.7.0RC2

v10.7.0beta2

v3.*

v3.0

v4.*

v4.0.0

v4.0.0RC

v4.0.0RC2

v4.0.0beta

v4.0.1

v4.0.4

v4.0.5

v4.0.6

v4.5.0

v4.5.0RC1

v4.5.0RC2

v4.5.0RC3

v4.5.0beta3

v4.5.0beta4

v5.*

v5.0.0

v5.0.0RC1

v5.0.0RC2

v5.0.0RC3

v5.0.0alpha1

v5.0.0beta1

v5.0.0beta2

v6.*

v6.0.0RC1

v6.0.0RC2

v6.0.0alpha2

v6.0.0beta2

v6.0.0beta3

v6.0.0beta4

v6.0.0beta5

v7.*

v7.0.0alpha2

v7.0.0beta1

v8.*

v8.0.0

v8.0.0RC1

v8.0.0RC2

v8.0.0alpha1

v8.0.0alpha2

v8.0.0beta1

v8.0.0beta2

v8.1.0alpha1

v8.1.0alpha2

v8.1.0beta1

v8.1.0beta2

v8.1RC2

v8.2RC1

v8.2beta1

v9.*

v9.0.0beta2

v9.0.1beta2

v9.0beta1

v9.1.0RC1

v9.1.0beta1

v9.1.0beta2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29659.json"