CVE-2016-9462

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-03-28 02:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-9462

Mitre link : CVE-2016-9462

CVE.ORG link : CVE-2016-9462


JSON object : View

Products Affected

nextcloud

  • nextcloud_server

owncloud

  • owncloud
CWE
CWE-284

Improper Access Control

CWE-275

Permission Issues