From 1915c70314fd6826df261e10b0052d0a353b2e02 Mon Sep 17 00:00:00 2001
From: Morris Jobke
CWE: Permission Issues (CWE-275)
HackerOne report: 145950
Description
-
The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
The permission check is now also performed on "COPY" actions,
- +The permission check is now also performed on "COPY" actions,
+It is recommended that all instances are upgraded to Nextcloud 9.0.52.
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
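Review bot: the added line 'The permission check is now also performed on "COPY" actions,' ends with a comma, so the resolution text reads as an unfinished clause that runs straight into the upgrade recommendation; end it with a period. The recommendation on the next added line names only the target release (9.0.52), and nothing in the visible lines says which releases are affected, so consider stating the affected range next to it so administrators can tell whether a read-only share on their instance was exposed to the COPY issue.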