Privilege Escalation Vulnerability in NextCloud Packaging for openSUSE

CVE-2017-9286 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.