CVE - CVE-2016-9462

CVE-ID
CVE-2016-9462	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:97285 URL:http://www.securityfocus.com/bid/97285 MISC:https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e MISC:https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c MISC:https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13 MISC:https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e MISC:https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1 MISC:https://hackerone.com/reports/146067 MISC:https://nextcloud.com/security/advisory/?id=nc-sa-2016-005 MISC:https://owncloud.org/security/advisory/?id=oc-sa-2016-015
Assigning CNA
HackerOne
Date Record Created
20161119	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20161119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)