CVE-2017-0885

CVE-2017-0885

Vendor Nextcloud
Product Nextcloud Server
Weakness CWE-209 · Error message info leak
Published April 5, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.

Key dates

02Disclosure timeline

April 5, 2017 CVE published
August 5, 2024 Record updated