hackerone | Bugdiscloseguys | H1:146067
Jun 20, 2016 - 5:11 p.m.

Nextcloud: Read-only share recipient can restore old versions of file

2016-06-20 17:11:03
bugdiscloseguys
hackerone.com
$300
17

EPSS: 0.001 (Low), percentile 49.8%

The restore capability of Nextcloud did not verify whether a user had only read-only access to a share. Thus a user with read-only access was able to restore old versions of a file.

A detailed advisory can be found at https://nextcloud.com/security/advisory/?id=nc-sa-2016-005.
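
A simplified model of the missing check described above, added here as an illustration and not Nextcloud's code. The class, method names and permission bits are constructed for this example; it contrasts a restore path that only checks read access with one that treats a restore as a write.

```python
from dataclasses import dataclass, field

# Permission bits for a share (constructed for this model).
PERM_READ = 1
PERM_UPDATE = 2


class Forbidden(Exception):
    """Raised when the caller lacks the permission an operation needs."""


@dataclass
class SharedFile:
    owner: str
    content: str
    versions: list = field(default_factory=list)  # older contents, oldest first
    shares: dict = field(default_factory=dict)    # recipient -> permission bits

    def permissions_for(self, user):
        if user == self.owner:
            return PERM_READ | PERM_UPDATE
        return self.shares.get(user, 0)

    def write(self, user, new_content):
        # Normal write path: requires update permission.
        if not self.permissions_for(user) & PERM_UPDATE:
            raise Forbidden("write requires update permission")
        self.versions.append(self.content)
        self.content = new_content

    def restore_unchecked(self, user, index):
        # Flawed pattern: only confirms the user can see the file.
        if not self.permissions_for(user) & PERM_READ:
            raise Forbidden("no access to file")
        self._rollback(index)

    def restore_checked(self, user, index):
        # A restore replaces the current content, so it needs update permission.
        if not self.permissions_for(user) & PERM_UPDATE:
            raise Forbidden("restore requires update permission")
        self._rollback(index)

    def _rollback(self, index):
        old = self.versions[index]
        self.versions.append(self.content)
        self.content = old
```

A regression test for this class of bug should assert that every operation that changes file content, not just the direct write path, is rejected for a read-only recipient.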


Thanks a lot, @bugdiscloseguy for pointing out this vulnerability!

At the request of the reporter, this report has been disclosed only in limited form.
