PT-2017-10685 · Nextcloud · Nextcloud Server
B42F97Eb69Dddcafe5Cc278
·
Published
2017-04-05
·
Updated
2022-10-04
·
CVE-2017-0884
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 9.0.55
Nextcloud Server versions prior to 10.0.2
Description
The issue allows an authenticated adversary to create empty folders inside a shared folder, despite lacking the necessary permissions, due to a logical error in the file caching layer. This affects folders and files where the adversary has at least read-only permissions.
Recommendations
For Nextcloud Server versions prior to 9.0.55, update to version 9.0.55 or later.
For Nextcloud Server versions prior to 10.0.2, update to version 10.0.2 or later.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nextcloud Server