7.2 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
54.2%
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
bugzilla.suse.com/show_bug.cgi?id=1036756
lists.opensuse.org/opensuse-updates/2017-10/msg00010.html
www.suse.com/de-de/security/cve/CVE-2017-9286/