CVE-2017-9286

Summary

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.

Affected Software

VendorProductVersion RangeStatus
SUSEnextcloudunspecified < 11.0.3-3.1affected

Weaknesses

  • Using the untrusted hierarchy under /srv/wwwroot/htdocs during update as root user could be used to overwrite root files.

ADP Enrichment

CVE Program Container

Additional References

References