CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microfocusCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
opensuseleap
42.3
𝑥
= Vulnerable software versions
References
https://bugzilla.suse.com/show_bug.cgi?id=1036756
https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html
https://www.suse.com/de-de/security/cve/CVE-2017-9286/
https://bugzilla.suse.com/show_bug.cgi?id=1036756
https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html
https://www.suse.com/de-de/security/cve/CVE-2017-9286/