Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
References
Link | Resource |
---|---|
https://hackerone.com/reports/169680 | Third Party Advisory |
https://nextcloud.com/security/advisory/?id=nc-sa-2017-002 | Broken Link Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-04-05 20:59
Updated : 2024-02-04 19:11
NVD link : CVE-2017-0884
Mitre link : CVE-2017-0884
CVE.ORG link : CVE-2017-0884
JSON object : View
Products Affected
nextcloud
- nextcloud_server