Vulnerability Details : CVE-2016-9461
Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4 do not properly verify edit permissions on WebDAV COPY actions. The WebDAV endpoint did not check whether the caller was allowed to write to the destination of a COPY request, so an authenticated attacker with access to a read-only share could place new files in that share. Existing files could not be modified.
Vulnerability categories: Bypass; Gain privilege
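The permission gap behind this entry, as an added illustrative model (not ownCloud or Nextcloud code): a WebDAV COPY creates a new node at the destination, so it has to pass the same check as an upload (CREATE on the destination folder), not only a readability check on the source. The permission bit values follow OCP\Constants; the in-memory tree, the two copy functions, the sample paths and the "pre-fix" behaviour (new files allowed, overwrites refused, as the description states) are assumptions made for this example.

```python
"""Model of the missing WebDAV COPY permission check behind CVE-2016-9461.
Added example; not code from ownCloud or Nextcloud."""
from dataclasses import dataclass, field
import posixpath

# Permission bits as defined in OCP\Constants (ownCloud / Nextcloud).
PERMISSION_READ = 1
PERMISSION_UPDATE = 2
PERMISSION_CREATE = 4
PERMISSION_DELETE = 8
PERMISSION_ALL = 31


class Forbidden(Exception):
    """Raised where the WebDAV backend would answer 403 Forbidden."""


@dataclass
class Node:
    name: str
    permissions: int  # bitmask the requesting user holds on this node
    is_dir: bool = False
    children: dict = field(default_factory=dict)


class Tree:
    """Minimal in-memory file tree standing in for the user's WebDAV view (assumed)."""

    def __init__(self, root: Node):
        self.root = root

    def lookup(self, path: str):
        node = self.root
        for part in path.strip("/").split("/"):
            if not part:
                continue
            if not node.is_dir or part not in node.children:
                return None
            node = node.children[part]
        return node

    def split(self, path: str):
        """Return (destination directory node, basename) or refuse the request."""
        parent = self.lookup(posixpath.dirname(path))
        if parent is None or not parent.is_dir:
            raise Forbidden(f"no destination directory for {path}")
        return parent, posixpath.basename(path)


def copy_vulnerable(tree: Tree, src: str, dst: str) -> None:
    """Pre-fix behaviour as the description states it: the source must be
    readable and an existing destination must be updatable, but nothing asks
    whether the caller may create files in the destination folder."""
    source = tree.lookup(src)
    if source is None or not source.permissions & PERMISSION_READ:
        raise Forbidden(f"cannot read {src}")
    parent, name = tree.split(dst)
    existing = parent.children.get(name)
    if existing is not None and not existing.permissions & PERMISSION_UPDATE:
        raise Forbidden(f"cannot overwrite {dst}")
    # New node inherits the share's permissions, like any file inside it.
    parent.children[name] = Node(name, parent.permissions, source.is_dir)


def copy_hardened(tree: Tree, src: str, dst: str) -> None:
    """Same operation with the missing check added: creating a new node
    requires CREATE on the destination directory."""
    source = tree.lookup(src)
    if source is None or not source.permissions & PERMISSION_READ:
        raise Forbidden(f"cannot read {src}")
    parent, name = tree.split(dst)
    existing = parent.children.get(name)
    if existing is None:
        if not parent.permissions & PERMISSION_CREATE:
            raise Forbidden(f"cannot create files in {posixpath.dirname(dst)}")
    elif not existing.permissions & PERMISSION_UPDATE:
        raise Forbidden(f"cannot overwrite {dst}")
    parent.children[name] = Node(name, parent.permissions, source.is_dir)


def sample_tree() -> Tree:
    """Constructed sample: the attacker's own folder (full permissions) and a
    folder shared with them read-only that already holds one file."""
    shared = Node("readonly", PERMISSION_READ, is_dir=True)
    shared.children["report.pdf"] = Node("report.pdf", PERMISSION_READ)
    own = Node("own", PERMISSION_ALL, is_dir=True)
    own.children["payload.txt"] = Node("payload.txt", PERMISSION_ALL)
    root = Node("", PERMISSION_ALL, is_dir=True,
                children={"own": own, "readonly": shared})
    return Tree(root)


def attempt(copy_fn, src: str, dst: str) -> bool:
    """True if the COPY went through, False if it was refused (403)."""
    try:
        copy_fn(sample_tree(), src, dst)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    for fn in (copy_vulnerable, copy_hardened):
        new = attempt(fn, "/own/payload.txt", "/readonly/new.txt")
        over = attempt(fn, "/own/payload.txt", "/readonly/report.pdf")
        print(f"{fn.__name__:16} new file: {new}  overwrite existing: {over}")
```

Run stand-alone, the vulnerable variant accepts the copy into the read-only share while refusing the overwrite; the hardened variant refuses both and still allows a copy into the attacker's own folder. The practical check on a live instance is the same request: a COPY from a writable location into a share granted without edit rights should come back 403, not 201.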
Products affected by CVE-2016-9461
- cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9461
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~44% (proportion of scored vulnerabilities with a score at or below this one)
CVSS scores for CVE-2016-9461
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST |
CWE ids for CVE-2016-9461
- (none listed) Assigned by: support@hackerone.com (Secondary)
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9461
- https://nextcloud.com/security/advisory/?id=nc-sa-2016-004 (advisory – Nextcloud) [Patch; Vendor Advisory]
- http://www.securityfocus.com/bid/97276 (ownCloud and Nextcloud CVE-2016-9461 Unauthorized Access Vulnerability) [Third Party Advisory; VDB Entry]
- https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9 (Additional perm check in Webdav · owncloud/core@c0a4b7b · GitHub) [Issue Tracking; Patch; Third Party Advisory]
- https://hackerone.com/reports/145950 (#145950 Uploading files to a folder where invited user doesn't have any EDIT privilege) [Exploit; Third Party Advisory]
- https://owncloud.org/security/advisory/?id=oc-sa-2016-014 (Security Advisories – ownCloud) [Patch; Vendor Advisory]
- https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc (add some additional permission checks to the webdav backend · nextcloud/server@3491400 · GitHub) [Issue Tracking; Patch; Third Party Advisory]
- https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547 (Additional perm check in Webdav · owncloud/core@0622e63 · GitHub) [Issue Tracking; Patch; Third Party Advisory]
- https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47 (Additional perm check in Webdav · owncloud/core@acbbadb · GitHub) [Issue Tracking; Patch; Third Party Advisory]
- https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e (Additional perm check in Webdav · owncloud/core@121a330 · GitHub) [Issue Tracking; Patch; Third Party Advisory]