CVE-2017-9286: Nextcloud vulnerability

5 documents, 3 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.2% (top 56.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 1
Latest update: May 13

Description

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | suse/nextcloud | unspecified | 11.0.3-3.1
NVD | opensuse/leap | 42.3

🔴 Vulnerability Details (1)

GHSA: GHSA-p8ph-fqxj-xw9c: The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate p (2022-05-13)

💬 Community (3)

Bugzilla: CVE-2017-9286 nextcloud: privileges escalation to root during nextcloud package upgrade (2018-03-06)
Bugzilla: CVE-2017-9286 nextcloud: privileges escalation to root during nextcloud package upgrade [epel-7] (2018-03-06)
Bugzilla: CVE-2017-9286 nextcloud: privileges escalation to root during nextcloud package upgrade [fedora-all] (2018-03-06)
CVE-2017-9286 — Suse Nextcloud vulnerability | cvebase