CVE-2016-9464

Опубликовано: 28 мар. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4

CVSS3: 4.3

Описание

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group.

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 60%

0.00396

Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2016-9464

CVSS3: 4.3

nvd

около 8 лет назад

CVE-2016-9464

CVSS3: 4.3

debian

около 8 лет назад

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper aut ...

GHSA-r69w-pvjm-xg3v

CVSS3: 4.3

github

около 3 лет назад

EPSS

Процентиль: 60%

0.00396

Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3

CVE-2016-9464

Описание

Пакет nextcloud

Пакет owncloud

Ссылки на источники

Связанные уязвимости