CVE-2020-16144
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.
Cuando se usa un almacenamiento de objetos tipo S3 como almacén de archivos, cuando un usuario crea un enlace público en una carpeta donde usuarios anónimos pueden cargar archivos, y otro usuario carga un virus, la aplicación antivirus de archivos detectaría el virus pero no lo elimina debido a problemas de permisos. Esto afecta a versiones del componente files_antivirus anteriores a 0.15.2 para ownCloud
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-29 CVE Reserved
- 2021-02-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Owncloud Search vendor "Owncloud" | Files Antivirus Search vendor "Owncloud" for product "Files Antivirus" | < 0.15.2 Search vendor "Owncloud" for product "Files Antivirus" and version " < 0.15.2" | - |
Affected
| ||||||