Vulnerability Details CVE-2017-9286
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.0
References
- https://bugzilla.suse.com/show_bug.cgi?id=1036756
- https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html
- https://www.suse.com/de-de/security/cve/CVE-2017-9286/
- https://bugzilla.suse.com/show_bug.cgi?id=1036756
- https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html
- https://www.suse.com/de-de/security/cve/CVE-2017-9286/