Multiple vulnerabilities in nextcloud
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2017-0884 CVE-2017-0885 CVE-2017-0886 CVE-2017-0887 CVE-2017-0888 |
| CWE-ID | CWE-732 CWE-200 CWE-400 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
nextcloud Other software / Other software solutions |
| Vendor | Nextcloud |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Incorrect permission assignment for critical resource
EUVDB-ID: #VU39272
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0884
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
MitigationInstall update from vendor's website.
Vulnerable software versionsnextcloud: 10.0.2
CPE2.3 External linkshttps://hackerone.com/reports/169680
https://nextcloud.com/security/advisory/?id=nc-sa-2017-002
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU39273
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0885
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.
MitigationInstall update from vendor's website.
Vulnerable software versionsnextcloud: 10.0.2
CPE2.3 External linkshttps://hackerone.com/reports/174524
https://nextcloud.com/security/advisory/?id=nc-sa-2017-003
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU39274
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-0886
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
MitigationInstall update from vendor's website.
Vulnerable software versionsnextcloud: 10.0.2
CPE2.3 External linkshttps://hackerone.com/reports/174524
https://nextcloud.com/security/advisory/?id=nc-sa-2017-004
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU39275
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0887
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.
MitigationInstall update from vendor's website.
Vulnerable software versionsnextcloud: 10.0.2
CPE2.3 External linkshttps://hackerone.com/reports/173622
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU39276
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0888
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.
MitigationInstall update from vendor's website.
Vulnerable software versionsnextcloud: 10.0.2
CPE2.3 External linkshttps://www.securityfocus.com/bid/97491
https://hackerone.com/reports/179073
https://nextcloud.com/security/advisory/?id=nc-sa-2017-006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
