Read-only share recipient can restore old versions of file (NC-SA-2016-005)
19th July 2016
Risk level: Low
CVSS v3 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
HackerOne report: 146067
The restore capability of Nextcloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions of a shared file, effectively overwriting its current content.
Affected software:
- Nextcloud Server < 9.0.52 (CVE-2016-9462)
The permission check is now also performed on restore actions.
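The following PHP snippet is an added illustration of the flaw and its fix; it is not Nextcloud's own code. It models a versioning store in which a restore rewrites the current file content and shows the vulnerable variant, which only requires that the recipient can read the share, next to the corrected variant, which requires update permission. The permission bit values are modelled on Nextcloud's share permission constants; the `VersionStore` class, its method names and the file array layout are assumptions made for this example.

```php
<?php
// Added illustration for NC-SA-2016-005 (not Nextcloud's own code).
// Permission bit values modelled on Nextcloud's share permission constants;
// VersionStore, its methods and the array layout are assumptions.

const PERMISSION_READ   = 1;
const PERMISSION_UPDATE = 2;
const PERMISSION_CREATE = 4;
const PERMISSION_DELETE = 8;
const PERMISSION_SHARE  = 16;

final class VersionStore
{
    /** @var array<string, array{current: string, versions: string[]}> */
    private array $files;

    public function __construct(array $files)
    {
        $this->files = $files;
    }

    /**
     * Vulnerable behaviour: restore is gated only on the recipient being able
     * to see the file (READ), so a read-only share recipient can roll the
     * current content back to an older version.
     */
    public function restoreUnchecked(string $path, int $sharePermissions, int $versionIndex): bool
    {
        if (($sharePermissions & PERMISSION_READ) === 0) {
            return false;
        }
        return $this->rollBack($path, $versionIndex);
    }

    /**
     * Fixed behaviour: a restore replaces the current content, so it is a
     * write and must require PERMISSION_UPDATE on the share, exactly like an
     * ordinary edit through the share would.
     */
    public function restoreChecked(string $path, int $sharePermissions, int $versionIndex): bool
    {
        if (($sharePermissions & PERMISSION_UPDATE) === 0) {
            return false; // read-only recipient: refuse, nothing changes
        }
        return $this->rollBack($path, $versionIndex);
    }

    public function currentContent(string $path): ?string
    {
        return $this->files[$path]['current'] ?? null;
    }

    private function rollBack(string $path, int $versionIndex): bool
    {
        if (!isset($this->files[$path]['versions'][$versionIndex])) {
            return false;
        }
        $restored = $this->files[$path]['versions'][$versionIndex];
        // Keep the overwritten content as a new version, as a versioning store would.
        $this->files[$path]['versions'][] = $this->files[$path]['current'];
        $this->files[$path]['current'] = $restored;
        return true;
    }
}

// Constructed sample: one shared file with one older version, shared read-only.
$sample = [
    'docs/report.txt' => ['current' => 'v2: final numbers', 'versions' => ['v1: draft numbers']],
];
$readOnlyShare = PERMISSION_READ;

// Before the fix the read-only recipient silently reverts the file.
$store = new VersionStore($sample);
echo 'unchecked restore accepted: ', var_export($store->restoreUnchecked('docs/report.txt', $readOnlyShare, 0), true), PHP_EOL;
echo 'content after unchecked restore: ', $store->currentContent('docs/report.txt'), PHP_EOL;

// With the permission check the same request is refused and the content is untouched.
$store = new VersionStore($sample);
echo 'checked restore accepted: ', var_export($store->restoreChecked('docs/report.txt', $readOnlyShare, 0), true), PHP_EOL;
echo 'content after checked restore: ', $store->currentContent('docs/report.txt'), PHP_EOL;
```

The point of the check is that restoring a version is semantically a write to the shared file, so it must be authorised against the same update permission as any other modification; a guard that only confirms the recipient can read the share is the gap the advisory describes.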
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Rudra Pratap Singh - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0.