CVE-2021-35946

9.8 CRITICAL

📋 TL;DR

In ownCloud versions before 10.8, a user with access to a federated share and the database can modify permissions to elevate their own privileges. This affects ownCloud instances with federated sharing enabled, allowing attackers to gain unauthorized access or control.

💻 Affected Systems

Products:
  • ownCloud
Versions: before 10.8
Operating Systems: All operating systems running ownCloud
Default Config Vulnerable: ⚠️ Yes
Notes: Requires federated sharing to be enabled and user access to the database; default configurations may be vulnerable if these conditions are met.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains administrative privileges, leading to full compromise of the ownCloud instance, data theft, or system takeover.

🟠 Likely Case

An authenticated user escalates privileges to access or modify sensitive files and settings they shouldn't have permission for.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to minor unauthorized access, quickly detected and contained.

🌐 Internet-Facing: HIGH, as internet-facing ownCloud instances are exposed to potential attackers exploiting this vulnerability remotely.
🏢 Internal Only: MEDIUM, as internal users with database access could exploit it, but network segmentation reduces external threat.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access to a federated share and database interaction, making it moderately complex but feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ownCloud 10.8 or later

Vendor Advisory: https://owncloud.com/security-advisories/cve-2021-35946/

Restart Required: Yes

Instructions:

1. Backup your ownCloud instance and database.
2. Update ownCloud to version 10.8 or later via the official update mechanism.
3. Restart the ownCloud service to apply changes.
4. Verify the update by checking the version in the admin panel.

🔧 Temporary Workarounds

Disable Federated Sharing

all

Temporarily disable federated sharing to prevent exploitation until patching is possible.

Edit ownCloud config.php and set:

'files_sharing.federation.enable' => false

🧯 If You Can't Patch

  • Restrict database access to only trusted users and applications.
  • Implement strict monitoring and logging for permission changes and database queries.

🔍 How to Verify

Check if Vulnerable:

Check the ownCloud version in the admin panel or via command 'php occ status' and verify if it is below 10.8.

Check Version:

php occ status | grep version

Verify Fix Applied:

After updating, confirm the version is 10.8 or higher using 'php occ status' or the admin panel.
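As an added check (not part of this advisory), the POSIX shell snippet below parses the 'versionstring' line of 'php occ status' output and compares it numerically against the fixed version 10.8, so that a version such as 10.10 is correctly treated as newer rather than failing a plain string comparison. The occ output embedded below is a constructed sample; in use, pipe the real 'php occ status' output into check_status instead.

```shell
#!/bin/sh
# Added example, not from the advisory: is this ownCloud below the fixed version 10.8?

# Constructed sample in the shape 'php occ status' prints (assumes a "versionstring" line).
SAMPLE_STATUS='  - installed: true
  - version: 10.7.0.4
  - versionstring: 10.7.0
  - edition: Community'

# Extract the human-readable version from occ status output on stdin.
occ_versionstring() {
    sed -n 's/^[[:space:]]*-[[:space:]]*versionstring:[[:space:]]*//p' | head -n 1
}

# Compare dotted versions component by component as integers.
# Prints 0 if $1 == $2, 1 if $1 > $2, 2 if $1 < $2 (so 10.10 > 10.8, unlike string compare).
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        ai=${ai:-0}; bi=${bi:-0}          # missing trailing components count as 0
        if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
        if [ "$ai" -lt "$bi" ]; then echo 2; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# is_vulnerable VERSION: succeeds when VERSION is below 10.8 (the CVE-2021-35946 fix).
is_vulnerable() {
    [ "$(vercmp "$1" 10.8)" = 2 ]
}

# check_status OCC_OUTPUT: report vulnerable/patched for a captured occ status output.
check_status() {
    v=$(printf '%s\n' "$1" | occ_versionstring)
    if is_vulnerable "$v"; then echo "vulnerable ($v < 10.8)"; else echo "patched ($v)"; fi
}

check_status "$SAMPLE_STATUS"
```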

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission changes in ownCloud logs
  • Database queries modifying share permissions

Network Indicators:

  • Suspicious API calls to federated share endpoints

SIEM Query:

Example: search for 'permission update' or 'federated share' in ownCloud application logs with high severity.
