Security Advisory


Bypassing quota limitation (NC-SA-2017-005)

5th February 2017

Risk level: Low

CVSS v3 Base Score: 0 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N)

CWE: Reliance on Untrusted Inputs in a Security Decision (CWE-807)

HackerOne report: 173622

Description

Because values supplied in the `OC-Total-Length` HTTP header were not properly sanitized, an authenticated adversary could exceed their configured user quota and thus store more data than the administrator allowed. The header is client-controlled, so a quota decision based on its raw value relies on untrusted input (CWE-807).

Affected Software

  • Nextcloud Server < 10.0.2 (CVE-2017-0887)
  • Nextcloud Server < 9.0.55 (CVE-2017-0887)

Action Taken

The `OC-Total-Length` HTTP header is now properly sanitized.
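The following is an added illustration of the pattern described in the Description and Action Taken sections above; it is not Nextcloud's code. It models a chunked-upload quota precheck in Python: a weak variant that uses the client-supplied length header as-is, a hardened variant that accepts only a plain non-negative decimal integer, and a write-time check that counts bytes actually stored. The header names consulted, their order, the `QuotaExceeded` type and the sample requests are all assumptions made for the example.

```python
import re
from typing import Iterable, Mapping, Optional

# Length headers a WebDAV upload endpoint might consult for a quota precheck.
# Which headers a real server reads, and in what order, is an assumption here.
LENGTH_HEADERS = ("OC-Total-Length", "X-Expected-Entity-Length", "Content-Length")

# Only a plain, bounded run of ASCII digits counts as a trustworthy length.
_DIGITS = re.compile(r"^[0-9]{1,19}$")


class QuotaExceeded(Exception):
    """Raised when the bytes actually written exceed the user's free space."""


def _first_length_header(headers: Mapping[str, str]) -> Optional[str]:
    for name in LENGTH_HEADERS:
        if name in headers:
            return headers[name]
    return None


def precheck_vulnerable(headers: Mapping[str, str], free_bytes: int) -> bool:
    """Weak pattern: trust the declared length as sent by the client.

    A negative value such as "-1" compares as smaller than any quota, and an
    unparsable value is treated as "unknown", so either lets the upload start.
    """
    raw = _first_length_header(headers)
    if raw is None:
        return True
    try:
        declared = int(raw)          # no sign or range check
    except ValueError:
        return True                  # unknown size: precheck is skipped
    return declared <= free_bytes


def precheck_hardened(headers: Mapping[str, str], free_bytes: int) -> bool:
    """Sanitized precheck: reject anything that is not a non-negative integer.

    Returns False (reject the request, e.g. with 400 or 507) when the header is
    malformed or the declared size does not fit into the remaining quota.
    """
    raw = _first_length_header(headers)
    if raw is None:
        return True                  # nothing declared; write-time check decides
    value = raw.strip()
    if not _DIGITS.match(value):
        return False                 # negative, signed, float, hex, empty, etc.
    return int(value) <= free_bytes


def write_with_quota(chunks: Iterable[bytes], free_bytes: int) -> int:
    """Write-time enforcement: count real bytes, abort once free space is used up.

    The precheck is only an early refusal; the number that must be enforced is
    the number of bytes actually stored. Returns the bytes accepted.
    """
    written = 0
    for chunk in chunks:
        written += len(chunk)
        if written > free_bytes:
            raise QuotaExceeded(f"{written} bytes exceed {free_bytes} free bytes")
    return written


if __name__ == "__main__":
    # Constructed sample requests, 1000 bytes of free quota.
    honest = {"OC-Total-Length": "5000"}
    bypass = {"OC-Total-Length": "-1"}
    garbage = {"OC-Total-Length": "abc"}
    for name, hdrs in (("honest", honest), ("bypass", bypass), ("garbage", garbage)):
        print(name, "vulnerable:", precheck_vulnerable(hdrs, 1000),
              "hardened:", precheck_hardened(hdrs, 1000))
    try:
        write_with_quota([b"a" * 600, b"b" * 600], 1000)
    except QuotaExceeded as exc:
        print("write-time check:", exc)
```

The hardened precheck only removes the shortcut; the upload path still has to count the bytes it stores, since a client can declare any size and then send more. Both checks together give the administrator's limit its intended meaning.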

Acknowledgements

The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Nordin - Vulnerability discovery and disclosure.

This advisory is licensed CC BY-SA 4.0.