Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneDetroitsmashH1:145950
HistoryJun 19, 2016 - 11:33 p.m.

Nextcloud: Uploading files to a folder where invited user don't have any EDIT privilege

2016-06-1923:33:59
detroitsmash
hackerone.com
27

EPSS

0.001

Percentile

44.9%

JSON

Hi,

Any invited user to a shared folder with no edit privilege can create files in it through copy feature of Nextclod android app.

Steps to reproduce it

  • Create any folder and invite a user in it without any edit privilege.
  • Now login from invited user account through android app.
  • Copy any file from your nextcloud root folder to shared folder.
  • Check nextcloud web app!! Copied file will show in shared folder

Thanks

Related

cvelist 1
cve 1
ubuntucve 1
nextcloud 1
prion 1
nvd 1
openvas 2
cvelist
cvelist
CVE-2016-9461
2017-03-28 02:46:00
cve
cve
CVE-2016-9461
2017-03-28 02:59:00
ubuntucve
ubuntucve
CVE-2016-9461
2017-03-28 00:00:00
nextcloud
nextcloud
Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)
2016-07-19 00:00:00
prion
prion
Code injection
2017-03-28 02:59:00
nvd
nvd
CVE-2016-9461
2017-03-28 02:59:00
openvas
openvas
Nextcloud 'share.js' Gallery Application XSS Vulnerability - Windows
2016-09-27 00:00:00
Nextcloud 'share.js' Gallery Application XSS Vulnerability - Linux
2016-09-27 00:00:00

EPSS

0.001

Percentile

44.9%

JSON
Related for H1:145950
cvelist1cve1ubuntucve1nextcloud1prion1nvd1openvas2