34 строки
1.1 KiB
JSON
34 строки
1.1 KiB
JSON
{
|
|
"Title": "Edit permission check not enforced on WebDAV COPY action",
|
|
"Timestamp": 1468916769,
|
|
"Risk": 2,
|
|
"CVSS3": {
|
|
"score": 3.1,
|
|
"vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
|
|
},
|
|
"CWE": {
|
|
"id": 275,
|
|
"name": "Permission Issues"
|
|
},
|
|
"HackerOne": 145950,
|
|
"Affected":[
|
|
{
|
|
"Version":"9.0.52",
|
|
"CVE":"CVE-2016-9461",
|
|
"Operator":"<",
|
|
"Commits": [
|
|
"server/3491400261c1454a9a30d3ec96969573330120cc"
|
|
]
|
|
}
|
|
],
|
|
"Description":"The WebDAV endpoint was not properly checking the permission on a WebDAV \"COPY\" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.",
|
|
"ActionTaken": "The permission check is now also performed on \"COPY\" actions,",
|
|
"Acknowledgment":[
|
|
{
|
|
"Name":"Kumar Saurabh",
|
|
"Reason":"Vulnerability discovery and disclosure."
|
|
}
|
|
],
|
|
"Resolution":"It is recommended that all instances are upgraded to Nextcloud 9.0.52."
|
|
}
|