Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
- https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e
- https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1
- https://hackerone.com/reports/146067
No PoCs found on GitHub currently.