Diffstat (limited to 'old/server/nc-sa-2016-011.json')
-rw-r--r-- | old/server/nc-sa-2016-011.json | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/old/server/nc-sa-2016-011.json b/old/server/nc-sa-2016-011.json
new file mode 100644
index 0000000..57d5a39
--- /dev/null
+++ b/old/server/nc-sa-2016-011.json
@@ -0,0 +1,43 @@
+{
+ "Title": "Content-Spoofing in \"dav\" app",
+ "Timestamp": 1476098466,
+ "Risk": 1,
+ "CVSS3": {
+ "score": 3.1,
+ "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ },
+ "CWE": {
+ "id": 451,
+ "name": "User Interface (UI) Misrepresentation of Critical Information"
+ },
+ "HackerOne": 149798,
+ "Affected":[
+ {
+ "Version":"10.0.1",
+ "CVE":"CVE-2016-9468",
+ "Operator":"<",
+ "Commits": [
+ "server/7350e13113c8ed484727a5c25331ec11d4d59f5f"
+ ]
+ },
+ {
+ "Version":"9.0.54",
+ "CVE":"CVE-2016-9468",
+ "Operator":"<",
+ "Commits": [
+ "server/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e"
+ ]
+ }
+ ],
+ "Description":"The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.",
+ "ActionTaken": "The user-controlled content has been removed from the exception message.",
+ "Acknowledgment":[
+ {
+ "Name": "YoKo Kho",
+ "Company": "MII CAS",
+ "Website": "https://twitter.com/YoKoAcc",
+ "Reason": "Vulnerability discovery and disclosure."
+ }
+ ],
+ "Resolution": "It is recommended that all instances are upgraded to Nextcloud 9.0.54 or 10.0.1."
+} |
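Review bot: The `CVSS3.vector` value omits the version prefix that the CVSS v3 specification requires at the start of a vector string, so scanners or feed consumers that parse this field directly may reject it or be unable to tell which CVSS version it was scored under. Unless the advisory generator adds the prefix itself (not visible from this file), I would store it in full: `"vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"`. The `score` of 3.1 is consistent with that vector under CVSS 3.0, so only the prefix needs attention. A minor style point: the spacing after the colon is mixed (`"Affected":[` and `"Version":"10.0.1"` next to `"Commits": [`), and using one form throughout would keep later diffs to these advisory files cleaner.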