{"id":"CVE-2017-0883","details":"Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.","modified":"2026-04-10T03:55:56.945770Z","published":"2017-04-05T20:59:00.197Z","references":[{"type":"ADVISORY","url":"https://hackerone.com/reports/169680"},{"type":"FIX","url":"https://nextcloud.com/security/advisory/?id=nc-sa-2017-001"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/server","events":[{"introduced":"0"},{"last_affected":"36750094f8b1a2f3bb24ac46348a639fc6197f9c"},{"introduced":"0"},{"last_affected":"6849d7235ef1acd2293382cc170a82c55c6bb3ba"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0.54"},{"introduced":"0"},{"last_affected":"10.0.2"}]}}],"versions":["v1.0.0beta1","v10.0.0","v10.0.1","v10.0.1RC1","v10.0.2","v10.0RC1","v3.0","v4.0.0","v4.0.0RC","v4.0.0RC2","v4.0.0beta","v4.0.1","v4.0.4","v4.0.5","v4.0.6","v4.5.0","v4.5.0RC1","v4.5.0RC2","v4.5.0RC3","v4.5.0beta3","v4.5.0beta4","v5.0.0","v5.0.0RC1","v5.0.0RC2","v5.0.0RC3","v5.0.0alpha1","v5.0.0beta1","v5.0.0beta2","v6.0.0RC1","v6.0.0RC2","v6.0.0alpha2","v6.0.0beta2","v6.0.0beta3","v6.0.0beta4","v6.0.0beta5","v7.0.0alpha2","v7.0.0beta1","v8.0.0","v8.0.0RC1","v8.0.0RC2","v8.0.0alpha1","v8.0.0alpha2","v8.0.0beta1","v8.0.0beta2","v8.1.0alpha1","v8.1.0alpha2","v8.1.0beta1","v8.1.0beta2","v8.1RC2","v8.2RC1","v8.2beta1","v9.0.0","v9.0.0RC1","v9.0.0RC2","v9.0.0RC3","v9.0.0beta2","v9.0.1","v9.0.1RC1","v9.0.1RC2","v9.0.1beta","v9.0.2","v9.0.2RC1","v9.0.2RC2","v9.0.50","v9.0.51","v9.0.52","v9.0.52RC1","v9.0.54","v9.0.54RC1","v9.0beta1","v9.1.0beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0883.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}]}