Bypassing quota limitation (NC-SA-2017-005)
5th February 2017
Risk level: Low
CVSS v3 Base Score: 0 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N)
HackerOne report: 173622
Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header, an authenticated adversary may be able to exceed their configured user quota, thus using more space than allowed by the administrator.
- Nextcloud Server < 10.0.2 (CVE-2017-0887)
- Nextcloud Server < 9.0.55 (CVE-2017-0887)
The `OC-Total-Length` HTTP header is now properly sanitized.
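One way to treat a client-declared size header such as `OC-Total-Length` defensively, shown as an added example that is not Nextcloud's actual patch. The function names, the fail-closed behavior when the header is missing, and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not Nextcloud's own code.

/** Strictly parse a client-declared size; null if it is not a plain non-negative integer. */
function parseDeclaredLength(?string $raw): ?int
{
    // Digits only, no leading zeros: rejects signs, whitespace, exponents, hex, trailing junk.
    // \A and \z anchor the whole string, so a trailing newline does not pass.
    if ($raw === null || preg_match('/\A(?:0|[1-9][0-9]{0,18})\z/', $raw) !== 1) {
        return null;
    }
    // A 19-digit value can still exceed PHP_INT_MAX; filter_var returns false on overflow.
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

/** Pre-check: assumes this sketch requires a declared size and fails closed without one. */
function uploadAllowed(?string $declaredHeader, int $freeBytes): bool
{
    $declared = parseDeclaredLength($declaredHeader);
    return $declared !== null && $declared <= $freeBytes;
}

/** Enforce the quota on bytes actually received; the declared size is only a client claim. */
function copyWithLimit($in, $out, int $limit): int
{
    $written = 0;
    while (!feof($in)) {
        $chunk = fread($in, 8192);
        if ($chunk === false) {
            throw new RuntimeException('read failed');
        }
        $written += strlen($chunk);
        if ($written > $limit) {
            throw new RuntimeException('upload exceeds remaining quota');
        }
        fwrite($out, $chunk);
    }
    return $written;
}

// Constructed sample header values, checked against 1 MiB of free quota.
foreach (['1048576', '0', '-1', '1e3', '0x10', ' 42', '12abc', '99999999999999999999'] as $v) {
    printf("%-24s parsed=%s allowed=%s\n", var_export($v, true),
        var_export(parseDeclaredLength($v), true), var_export(uploadAllowed($v, 1048576), true));
}
```

The pre-check and the streaming limit are complementary: the first rejects malformed declarations early, the second holds even if the declared value is well-formed but untrue.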
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Nordin - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0.