{"id":"CVE-2017-0884","details":"Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.","modified":"2026-07-08T12:42:04.983586Z","published":"2017-04-05T20:59:00.243Z","references":[{"type":"ADVISORY","url":"https://hackerone.com/reports/169680"},{"type":"FIX","url":"https://nextcloud.com/security/advisory/?id=nc-sa-2017-002"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/server","events":[{"introduced":"0"},{"fixed":"90411cdb01df67d09c5ab01ad9a16ebeffdd428a"},{"introduced":"43ce8b13c1422ed82f42886b5918159f05b36967"},{"fixed":"6849d7235ef1acd2293382cc170a82c55c6bb3ba"}],"database_specific":{"cpe":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"9.0.55"},{"introduced":"10.0.0"},{"fixed":"10.0.2"}],"source":"CPE_RANGE"}}],"versions":["v9.0.54","v10.0.1","v9.0.54RC1","v10.0.1RC1","v10.0.0","v9.0.52","v9.0.52RC1","v9.0.51","v9.0.50","v9.0.2","v9.0.2RC2","v9.0.2RC1","v9.0.1RC2","v9.0.1","v9.0.1RC1","v9.0.1beta","v9.0.0","v9.0.0RC3","v9.0.0RC2","v9.0.0RC1","v9.0.0beta2","v9.0beta1","v8.2RC1","v8.2beta1","v8.1RC2","v8.1.0beta2","v8.1.0beta1","v8.1.0alpha2","v8.1.0alpha1","v8.0.0","v8.0.0RC2","v8.0.0RC1","v8.0.0beta2","v8.0.0beta1","v8.0.0alpha2","v8.0.0alpha1","v7.0.0beta1","v7.0.0alpha2","v6.0.0RC2","v6.0.0RC1","v6.0.0beta5","v6.0.0beta4","v6.0.0beta3","v6.0.0beta2","v6.0.0alpha2","v5.0.0","v5.0.0RC3","v5.0.0RC2","v5.0.0RC1","v5.0.0beta2","v5.0.0beta1","v5.0.0alpha1","v4.5.0","v4.5.0RC3","v4.5.0RC2","v4.5.0RC1","v4.5.0beta4","v4.5.0beta3","v4.0.6","v4.0.5","v4.0.4","v4.0.1","v4.0.0","v4.0.0RC2","v4.0.0RC","v4.0.0beta","v3.0","v1.0.0beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0884.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}