diff options
Diffstat (limited to 'advisories/nc-sa-2016-010.php')
-rw-r--r-- | advisories/nc-sa-2016-010.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/advisories/nc-sa-2016-010.php b/advisories/nc-sa-2016-010.php index 1c7dfc50..e856c8cf 100644 --- a/advisories/nc-sa-2016-010.php +++ b/advisories/nc-sa-2016-010.php @@ -13,8 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/451.html">User Interface (UI) Misrepresentation of Critical Information (CWE-451)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/154827">154827</a></p> <h3>Description</h3> - <p><p>The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.</p> -</p> + <p>The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Server < <strong>10.0.1</strong> (CVE-2016-9467)</li> @@ -32,8 +31,9 @@ </ul> <h3>Action Taken</h3> - <p><p>The passed parameter is now verified.</p> -</p> + <p>The passed parameter is now verified.</p> + <h3>Resolution</h3> + <p>It is recommended that all instances are upgraded to Nextcloud 9.0.54 or 10.0.1.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> |