CVE-2017-0885
EUVD-2017-123905.04.2017, 20:59
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nextcloud | nextcloud_server | 𝑥 < 9.0.55 |
| nextcloud | nextcloud_server | 10.0.0 ≤ 𝑥 < 10.0.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-209 - Generation of Error Message Containing Sensitive InformationThe software generates an error message that includes sensitive information about its environment, users, or associated data.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.