TROYANOSYVIRUS
Retour aux CVEs

CVE-2016-9467

N/A

Description

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Details CVE

Score CVSS v3.1N/A
Publie3/28/2017
Derniere modification4/20/2025
Sourcenvd
Observations honeypot0

Produits affectes

nextcloud:nextcloud_serverowncloud:owncloud

Faiblesses (CWE)

CWE-451CWE-284

References

https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960(support@hackerone.com)
https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013(support@hackerone.com)
https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1(support@hackerone.com)
https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14(support@hackerone.com)
https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071(support@hackerone.com)
https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a(support@hackerone.com)
https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d(support@hackerone.com)
https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4(support@hackerone.com)
https://hackerone.com/reports/154827(support@hackerone.com)
https://nextcloud.com/security/advisory/?id=nc-sa-2016-010(support@hackerone.com)
https://owncloud.org/security/advisory/?id=oc-sa-2016-020(support@hackerone.com)
https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/154827(af854a3a-2127-422b-91ae-364da2661108)
https://nextcloud.com/security/advisory/?id=nc-sa-2016-010(af854a3a-2127-422b-91ae-364da2661108)
https://owncloud.org/security/advisory/?id=oc-sa-2016-020(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.