CVE-2017-0884

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
References
Link Resource
https://hackerone.com/reports/169680 Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-002 Broken Link Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-05 20:59

Updated : 2024-02-04 19:11


NVD link : CVE-2017-0884

Mitre link : CVE-2017-0884

CVE.ORG link : CVE-2017-0884


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-275

Permission Issues