CVE-2020-16144

Name of the Vulnerable Software and Affected Versions files antivirus component versions prior to 0.15.2 for ownCloud

Description The issue arises when using an object storage like S3 as the file store. If a user creates a public link to a folder where anonymous users can upload files and another user uploads a virus, the files antivirus app detects the virus but fails to delete it due to permission issues.

Recommendations For versions prior to 0.15.2, update to version 0.15.2 or later to resolve the issue. As a temporary workaround, consider restricting access to public links for folders where anonymous users can upload files to minimize the risk of exploitation.