CVE-2017-0885

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.
References
Link Resource
https://hackerone.com/reports/174524 Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 Broken Link Patch Vendor Advisory
https://hackerone.com/reports/174524 Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 Broken Link Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:03

Type Values Removed Values Added
References () https://hackerone.com/reports/174524 - Third Party Advisory () https://hackerone.com/reports/174524 - Third Party Advisory
References () https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 - Broken Link, Patch, Vendor Advisory () https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 - Broken Link, Patch, Vendor Advisory

Information

Published : 2017-04-05 20:59

Updated : 2024-11-21 03:03


NVD link : CVE-2017-0885

Mitre link : CVE-2017-0885

CVE.ORG link : CVE-2017-0885


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-209

Generation of Error Message Containing Sensitive Information

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor