CVE-2017-0885

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.
References
Link Resource
https://hackerone.com/reports/174524 Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 Broken Link Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

History

04 Oct 2022, 14:04

Type Values Removed Values Added
References (CONFIRM) https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 - Patch, Vendor Advisory (CONFIRM) https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 - Broken Link, Patch, Vendor Advisory
CPE cpe:2.3:a:nextcloud:nextcloud_server:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

27 Sep 2022, 14:04

Type Values Removed Values Added
CPE cpe:2.3:a:nextcloud:nextcloud:10.0.2:*:*:*:*:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:10.0.2:*:*:*:*:*:*:*
First Time Nextcloud nextcloud Server

Information

Published : 2017-04-05 20:59

Updated : 2023-12-10 12:01


NVD link : CVE-2017-0885

Mitre link : CVE-2017-0885

CVE.ORG link : CVE-2017-0885


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-209

Generation of Error Message Containing Sensitive Information