Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an malicious user to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nextcloud nextcloud server |
||
nextcloud nextcloud server 10.0.2 |