nextcloud, owncloud
2017-10-23 14:15
2017-06-16 19:21
2017-05-10 23:45
2017-04-14 10:19
2017-04-01 21:42
2017-03-28 21:03


Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information



Release Package Reason
precise nextcloud DNE
owncloud ignored
precise/esm nextcloud DNE
owncloud DNE
trusty nextcloud DNE
vivid/stable-phone-overlay nextcloud DNE
owncloud DNE
vivid/ubuntu-core nextcloud DNE
owncloud DNE
xenial nextcloud DNE
owncloud DNE
yakkety nextcloud DNE
owncloud DNE
zesty nextcloud DNE
owncloud DNE
artful nextcloud DNE
owncloud DNE
devel nextcloud DNE
owncloud DNE

Needs Triage

Release Package Reason
upstream nextcloud needs-triage
owncloud needs-triage
trusty owncloud needs-triage