CVE-2017-0883
N/A
N/A
Summary
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nextcloud | Nextcloud Server | All versions before 9.0.55 and 10.0.2 | affected |
Weaknesses
- CWE-275: Permission Issues (CWE-275)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.