// For flags

CVE-2017-0883

 

Severity Score

6.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.

Nextcloud Server en versiones anteriores a 9.0.55 y 10.0.2 sufre un aumento de permiso al volver a compartir a través del problema de la API de OCS compartiendo API permitió a un adversario autenticado compartir archivos compartidos con un conjunto de permisos creciente. Esto puede permitir que un atacante edite archivos en un recurso compartido a pesar de tener sólo un conjunto de permisos 'leído'. Tenga en cuenta que esto sólo afecta a carpetas y archivos que el adversario tiene al menos permisos de sólo lectura.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-11-30 CVE Reserved
  • 2017-04-05 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-275: Permission Issues
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (2)
URL Tag Source
https://hackerone.com/reports/169680 Third Party Advisory
URL Date SRC
URL Date SRC
https://nextcloud.com/security/advisory/?id=nc-sa-2017-001 2019-10-09
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nextcloud
Search vendor "Nextcloud"
 Nextcloud Server
Search vendor "Nextcloud" for product "Nextcloud Server"
 <= 9.0.54
Search vendor "Nextcloud" for product "Nextcloud Server" and version " <= 9.0.54"
-
Affected
Nextcloud
Search vendor "Nextcloud"
 Nextcloud Server
Search vendor "Nextcloud" for product "Nextcloud Server"
 10.0.2
Search vendor "Nextcloud" for product "Nextcloud Server" and version "10.0.2"
-
Affected