CVE-2017-0885

Summary

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.

Affected Software

VendorProductVersion RangeStatus
NextcloudNextcloud ServerAll versions before 9.0.55 and 10.0.2affected

Weaknesses

  • CWE-209: Information Exposure Through an Error Message (CWE-209)

ADP Enrichment

CVE Program Container

Additional References

References