Read-only share recipient can restore old versions of file.

Description

The restore capability of Nextcloud was not verifying whether a user had only read-only access to a share. Thus a user with read-only access was able to restore old versions.

Affected Software

  • Nextcloud Server < 9.0.52

Action Taken

The permission check is now also performed on restore actions.

Steps to reproduce:

1) Create a document.
2) Share it with someone.
3) Call the owner "Owner" and the other user "X".
4) From Owner, add a new version of the file.
5) From User X, restore the previous version and intercept the request.
6) Now remove User X from the can-edit permission on the share.
7) From Owner, add a new version again.
8) Replay the request that was intercepted from User X, and you will see that the document gets restored.

POC : https://youtu.be/KpK89cD3Vk8
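The following is an added example, not Nextcloud's own code, that models the defect and the fix from the Action Taken section: a restore that never consults the share permissions beside one that evaluates the same write check as an update at request time, replayed through the steps above. The classes and function names are invented for this illustration; the permission bit values are assumed to mirror Nextcloud's OCP\Constants PERMISSION_READ and PERMISSION_UPDATE.

```python
# Constructed model of a share-permission check on a version-restore action.
# Added illustration, not Nextcloud code: the bit values mirror Nextcloud's
# OCP\Constants, but the classes and functions are invented for this example.
PERMISSION_READ = 1
PERMISSION_UPDATE = 2

class PermissionDenied(Exception):
    pass

class VersionedFile:
    def __init__(self, owner, content):
        self.owner = owner
        self.versions = [content]   # oldest first; last entry is current
        self.shares = {}            # recipient -> permission bitmask

    def share(self, user, permissions):
        self.shares[user] = permissions

    def _require(self, user, needed):
        if user != self.owner and (self.shares.get(user, 0) & needed) != needed:
            raise PermissionDenied(f"{user} lacks permission {needed}")

    def update(self, user, content):
        self._require(user, PERMISSION_UPDATE)
        self.versions.append(content)

    def restore_vulnerable(self, user, index):
        # Pre-fix behaviour: restore never consults the share permissions.
        self.versions.append(self.versions[index])

    def restore(self, user, index):
        # Fixed behaviour: the write check that guards update() is evaluated
        # against the share state at request time, so a replayed request
        # from a now read-only recipient is refused.
        self._require(user, PERMISSION_UPDATE)
        self.versions.append(self.versions[index])

def replay_scenario(fixed):
    # Walks the advisory's steps; returns (outcome, current content).
    doc = VersionedFile("owner", "v1")
    doc.share("x", PERMISSION_READ | PERMISSION_UPDATE)  # step 2: can-edit share
    doc.update("owner", "v2")                            # step 4: new version
    restore = doc.restore if fixed else doc.restore_vulnerable
    restore("x", 0)                                      # step 5: legitimate restore
    doc.share("x", PERMISSION_READ)                      # step 6: now read-only
    doc.update("owner", "v3")                            # step 7: new version
    try:
        restore("x", 0)                                  # step 8: replayed request
    except PermissionDenied:
        return ("denied", doc.versions[-1])
    return ("restored", doc.versions[-1])
```

Running replay_scenario(False) ends with the old version back as current, while replay_scenario(True) refuses the replayed restore and leaves the owner's latest version in place.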

Thanks for reading!
