Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
References
Link | Resource |
---|---|
https://hackerone.com/reports/169680 | Third Party Advisory |
https://nextcloud.com/security/advisory/?id=nc-sa-2017-002 | Broken Link Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Oct 2022, 14:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:* |
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* |
References | (CONFIRM) https://nextcloud.com/security/advisory/?id=nc-sa-2017-002 - Broken Link, Patch, Vendor Advisory |
27 Sep 2022, 14:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Nextcloud nextcloud Server
|
|
CPE | cpe:2.3:a:nextcloud:nextcloud_server:10.0.2:*:*:*:*:*:*:* |
Information
Published : 2017-04-05 20:59
Updated : 2023-12-10 12:01
NVD link : CVE-2017-0884
Mitre link : CVE-2017-0884
CVE.ORG link : CVE-2017-0884
JSON object : View
Products Affected
nextcloud
- nextcloud_server