Welcome to mirror list, hosted at ThFree Co, Russian Federation.

nc-sa-2017-002.json « server - github.com/nextcloud/security-advisories.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/server/nc-sa-2017-002.json
blob: 4aa9efb363086dce1ed7507e8aacef9b261b4ad3 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

{
   "Title": "Creation of folders in read-only folders despite lacking permissions",
   "Timestamp": 1486290968,
   "Risk": 1,
   "CVSS3": {
     "score": 4.1,
     "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"
   },
   "CWE": {
     "id": 275,
     "name": "Permission Issues"
   },
   "HackerOne": 169680,
   "Affected":[
      {
         "Version":"10.0.2",
         "CVE":"CVE-2017-0884",
         "Operator":"<"
      },
     {
       "Version":"9.0.55",
       "CVE":"CVE-2017-0884",
       "Operator":"<"
     }
   ],
   "Description":"Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder.Note that this only affects folders and files that the adversary has at least read-only permissions for.",
   "ActionTaken": "The file cache operation is now only performed if the file system operation succeeded.",
   "Acknowledgment":[
      {
         "Name": "secator",
         "Email": "info@secator.com",
         "Website": "https://secator.com/",
         "Reason": "Vulnerability discovery and disclosure."
      }
   ],
   "Resolution": "It is recommended that all instances are upgraded to Nextcloud 9.0.55 or 10.0.2."
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 00:11:21 +0300