Vulnerability Details : CVE-2016-9464
Potential exploit
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check when removing shares. The sharing backend as implemented in Nextcloud does differentiate between shares to users and shares to groups. For a received group share, a user should be able to unshare the file from themselves, but not from the whole group. The previous API implementation simply unshared the file from all users in the group.
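As an added illustration of the authorization flaw described above (example code written for this page, not Nextcloud's own implementation; the share model, the `staff` group and its members are constructed), a pre-fix and a post-fix version of the share-deletion check side by side:

```python
from dataclasses import dataclass, field

# Constructed data: one group and its members (assumption, not from the advisory).
GROUPS = {"staff": {"alice", "bob", "carol"}}

@dataclass
class Share:
    owner: str                 # user who created the share
    kind: str                  # "user" or "group"
    target: str                # recipient user name, or group name
    hidden_for: set = field(default_factory=set)  # members who unshared it from themselves

def recipients(share):
    """Users (other than the owner) who currently receive the share."""
    base = GROUPS[share.target] if share.kind == "group" else {share.target}
    return (base - share.hidden_for) - {share.owner}

def delete_share_vulnerable(shares, sid, actor):
    """Pre-fix logic: any recipient of a group share may delete the share
    outright, which removes it for every member of the group."""
    s = shares[sid]
    if actor != s.owner and actor not in recipients(s):
        raise PermissionError("not a party to this share")
    del shares[sid]

def delete_share_fixed(shares, sid, actor):
    """Post-fix logic: only the share owner deletes the share itself. A group
    member who is merely a recipient can only unshare it from themselves."""
    s = shares[sid]
    if actor == s.owner:
        del shares[sid]
        return "deleted"
    if actor in recipients(s):
        if s.kind == "user":
            del shares[sid]       # sole recipient: removing from self removes the share
            return "deleted"
        s.hidden_for.add(actor)   # group share: only the actor stops receiving it
        return "unshared_from_self"
    raise PermissionError("not a party to this share")

def demo():
    """Bob, a plain group member, removes a share that Alice created."""
    before = {1: Share(owner="alice", kind="group", target="staff")}
    delete_share_vulnerable(before, 1, "bob")          # whole group loses the share
    after = {1: Share(owner="alice", kind="group", target="staff")}
    result = delete_share_fixed(after, 1, "bob")       # only Bob stops receiving it
    return (1 in before, result, sorted(recipients(after[1])))
```

Running `demo()` shows the share gone for everyone under the old check, while under the fixed check Carol still receives it and only Bob's own view changed.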
Vulnerability category: Bypass; Gain privilege
Products affected by CVE-2016-9464
- cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:10.0:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9464
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~47% (the proportion of vulnerabilities that are scored at or below this one)
CVSS scores for CVE-2016-9464
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2016-9464
- The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
  Assigned by: nvd@nist.gov (Primary); support@hackerone.com (Secondary)
References for CVE-2016-9464
- https://github.com/nextcloud/server/commit/e2c4f4f9aa11bc92e8f2212cce73841b922187e8 (Add integration test · nextcloud/server@e2c4f4f · GitHub): Issue Tracking; Patch; Third Party Advisory
- http://www.securityfocus.com/bid/97287 (Nextcloud CVE-2016-9464 Unauthorized Access Vulnerability): Third Party Advisory; VDB Entry
- https://nextcloud.com/security/advisory/?id=nc-sa-2016-007 (advisory – Nextcloud): Patch; Vendor Advisory
- https://github.com/nextcloud/server/commit/a5471b4a3e3f30e99e4de39c97c0c3b3c2f1618f (Do not allow to delete/update group shares as a group member · nextcloud/server@a5471b4 · GitHub): Issue Tracking; Patch; Third Party Advisory
- https://hackerone.com/reports/153905 (#153905 IDOR - Disable sharing): Exploit; Third Party Advisory
- https://github.com/nextcloud/server/commit/3387e5d00fcf6b2ea6b285a091e5743f545e7202 (Add integration test · nextcloud/server@3387e5d · GitHub): Issue Tracking; Patch; Third Party Advisory
- https://github.com/nextcloud/server/commit/7289cb5ec0b812992ab0dfb889744b94bc0994f0 (Do not allow to delete/update group shares as a group member · nextcloud/server@7289cb5 · GitHub): Issue Tracking; Patch; Third Party Advisory