Nextcloud: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

2016-12-17T16:38:49
ID H1:191979
Type hackerone
Reporter makosdel
Modified 2017-05-08T20:20:10

Description

Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

Risk level: Low CVSS v3 Base Score: 3 (AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N) CWE: Improper Authorization (CWE-285)

Description

Improper session handling allowed an application specific password without permission to the files access to the users file.

Affected Software

  • Nextcloud Server < 11.0.3 (CVE-2017-0892)

Action Taken

The permission check has been corrected and reviewed.

Acknowledgements

The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Mmakosdel - Vulnerability discovery and disclosure.