CVE-2021-35948

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-35948

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35948.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-35948

Published

2021-09-07T20:15:07.720Z

Modified

2025-11-20T11:48:19.171889Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.

References

Affected packages

Git / github.com/owncloud/core

Affected ranges

Type: GIT
Repo: https://github.com/owncloud/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ff4292104e374ef188059791367f9490d402df96

Affected versions

v1.*

v1.0.0beta1

v1.0RC1

v1.1

v10.*

v10.0.0

v10.0.0RC1

v10.0.0RC2

v10.0.0RC3

v10.0.0RC4

v10.0.0RC5

v10.0.0alpha

v10.0.0beta

v10.0.0beta2

v10.0.1

v10.0.10

v10.0.10RC1

v10.0.10RC2

v10.0.10RC3

v10.0.10RC4

v10.0.1RC1

v10.0.1RC2

v10.0.1RC3

v10.0.1RC4

v10.0.1RC5

v10.0.2

v10.0.2RC1

v10.0.3

v10.0.3RC1

v10.0.3beta

v10.0.3beta2

v10.0.4

v10.0.4RC1

v10.0.4RC2

v10.0.4beta1

v10.0.4beta2

v10.0.5

v10.0.5RC1

v10.0.5RC2

v10.0.5RC3

v10.0.5RC4

v10.0.8

v10.0.8RC1

v10.0.8RC2

v10.0.8RC3

v10.0.8RC4

v10.0.9

v10.0.9RC1

v10.0.9RC2

v10.0.9RC3

v10.0.9RC4

v10.0.9beta

v10.0beta2

v10.1.0

v10.1.0RC1

v10.1.0RC2

v10.1.0beta

v10.3.0

v10.3.0RC1

v10.3.0alpha

v10.3.0alpha2

v10.3.1

v10.3.1RC1

v10.3.2

v10.3.2RC1

v10.4.0

v10.4.0RC1

v10.4.0RC2

v10.4.0RC3

v10.5.0beta1

v10.5.0beta2

v10.6.0

v10.6.0RC1

v10.6.0RC2

v10.6.0RC3

v10.6.0beta1

v10.7.0

v10.7.0RC1

v10.7.0RC2

v10.7.0beta2

v10.8.0RC1

v10.8.0beta2

v2.*

v2.0beta3

v3.*

v3.0

v3.0RC1

v3.0alpha1

v4.*

v4.0.0

v4.0.0RC

v4.0.0RC2

v4.0.0beta

v4.0.1

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.5.0

v4.5.0RC1

v4.5.0RC2

v4.5.0RC3

v4.5.0beta1

v4.5.0beta2

v4.5.0beta3

v4.5.0beta4

v5.*

v5.0.0

v5.0.0RC1

v5.0.0RC2

v5.0.0RC3

v5.0.0alpha1

v5.0.0beta1

v5.0.0beta2

v6.*

v6.0.0RC1

v6.0.0RC2

v6.0.0alpha2

v6.0.0beta2

v6.0.0beta3

v6.0.0beta4

v6.0.0beta5

v7.*

v7.0.0alpha2

v7.0.0beta1

v8.*

v8.0.0

v8.0.0RC1

v8.0.0RC2

v8.0.0alpha1

v8.0.0alpha2

v8.0.0beta1

v8.0.0beta2

v8.1.0alpha1

v8.1.0alpha2

v8.1.0beta1

v8.1.0beta2

v8.1RC2

v8.2RC1

v8.2beta1

v9.*

v9.0.0beta2

v9.0.1beta2

v9.0beta1

v9.1.0RC1

v9.1.0beta1

v9.1.0beta2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35948.json"