Detroitsmash

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 9.0.52 ownCloud Server versions prior to 9.0.4 **Description** The issue arises from improper verification of edit check permissions on WebDAV copy actions. Specifically, the WebDAV endpoint did not properly check permissions during a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to upload new files, although modifying existing files was not possible. **Recommendations** For Nextcloud Server versions prior to 9.0.52, update to version 9.0.52 or later. For ownCloud Server versions prior to 9.0.4, update to version 9.0.4 or later.