CVE-2016-9462
- Source
- https://cve.org/CVERecord?id=CVE-2016-9462
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9462.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-9462
- Published
- 2017-03-28T02:59:00.887Z
- Modified
- 2026-05-14T04:02:11.930919612Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
- References
-
- http://www.securityfocus.com/bid/97285
- https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e
- https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c
- https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13
- https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e
- https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1
- https://nextcloud.com/security/advisory/?id=nc-sa-2016-005
- https://owncloud.org/security/advisory/?id=oc-sa-2016-015
- https://hackerone.com/reports/146067
Affected packages
Git / github.com/nextcloud/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
- Database specific
{ "cpe": [ "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "9.0.52" }, { "fixed": "9.0.4" } ], "source": [ "CPE_FIELD", "REFERENCES" ] }
Affected versions
v1.*
v1.0.0beta1
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2RC1
v8.2beta1
v9.*
v9.0.0
v9.0.0RC1
v9.0.0RC2
v9.0.0RC3
v9.0.0beta2
v9.0.1
v9.0.1RC1
v9.0.1RC2
v9.0.1beta
v9.0.2
v9.0.2RC1
v9.0.2RC2
v9.0.3
v9.0.3RC1
v9.0.4RC1
v9.0.50
v9.0.51
v9.0.52RC1
v9.0beta1
Git / github.com/owncloud/core
Affected versions
v1.*
v1.0.0beta1
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.0.1
v8.0.10
v8.0.10RC1
v8.0.11
v8.0.11RC1
v8.0.11RC2
v8.0.12
v8.0.12RC1
v8.0.12RC2
v8.0.13RC1
v8.0.13RC2
v8.0.1RC1
v8.0.2
v8.0.3
v8.0.3RC1
v8.0.3RC2
v8.0.3RC3
v8.0.3RC4
v8.0.4
v8.0.4RC1
v8.0.4RC2
v8.0.5
v8.0.5RC1
v8.0.5beta
v8.0.6
v8.0.6RC1
v8.0.6beta1
v8.0.7
v8.0.7RC1
v8.0.8
v8.0.9
v8.0.9RC1
v8.0.9RC2
v8.1.0
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1.1
v8.1.1RC1
v8.1.1beta
v8.1.1beta1
v8.1.2
v8.1.2RC1
v8.1.3
v8.1.4
v8.1.4RC1
v8.1.4RC2
v8.1.5
v8.1.5RC1
v8.1.6
v8.1.6RC1
v8.1.6RC2
v8.1.7
v8.1.7RC1
v8.1.7RC2
v8.1.8RC1
v8.1.8RC2
v8.1.9RC1