CVE-2017-0892

Description

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

Affected products

• nextcloud / nextcloud/serverbefore 11.0.3 – before 11.0.3

References

• MISChttps://hackerone.com/reports/191979
• MISChttps://nextcloud.com/security/advisory/?id=nc-sa-2017-009