SB2017040510 - Multiple vulnerabilities in nextcloud
Published: April 5, 2017 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2017-0884)
The vulnerability allows a remote authenticated user to manipulate data.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
2) Information disclosure (CVE-ID: CVE-2017-0885)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.
3) Resource exhaustion (CVE-ID: CVE-2017-0886)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
4) Input validation error (CVE-ID: CVE-2017-0887)
The vulnerability allows a remote authenticated user to manipulate data.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.
5) Input validation error (CVE-ID: CVE-2017-0888)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.
Remediation
Install update from vendor's website.
References
- https://hackerone.com/reports/169680
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-002
- https://hackerone.com/reports/174524
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-003
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-004
- https://hackerone.com/reports/173622
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
- http://www.securityfocus.com/bid/97491
- https://hackerone.com/reports/179073
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-006