CVE-2017-9286

Name of the Vulnerable Software and Affected Versions: NextCloud versions (affected versions not specified)

Description: The issue is related to insufficient access control in the NextCloud platform on the OpenSUSE Leap operating system. It allows a remote attacker to gain root privileges during a NextCloud package upgrade by exploiting scripts running as the wwwrun user, specifically those located in the /srv/www/htdocs directory.

Recommendations: For all affected versions, consider restricting access to the /srv/www/htdocs directory to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of scripts in the /srv/www/htdocs directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.