CVE-2017-8340
Description
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OX App Suite 7.8.3 and earlier contains an access control flaw allowing privilege escalation via folder move and sharing operations.
Vulnerability
OX App Suite versions 7.8.3 and earlier are affected by an incorrect access control vulnerability [1]. The issue manifests in two distinct scenarios: when moving or copying a folder from an external storage service to a folder of the primary OX Drive storage service, a permission-related error was thrown due to improper handling of administrator privileges; and when attempting to share a file that is locked, the sharing dialog failed to close properly when canceling the operation [1]. These flaws indicate that the product did not correctly enforce access restrictions under these specific conditions.
Exploitation
An authenticated user can exploit the vulnerability by performing folder operations across different storage services (external to primary OX Drive) where permission restrictions are incorrectly applied, potentially bypassing intended access controls [1]. Additionally, a user interacting with a locked file during sharing operations can trigger a state where the sharing dialog becomes stuck, indicating improper handling of concurrent access [1]. No special network position is required beyond normal authenticated access to the OX App Suite interface.
Impact
Successful exploitation allows an authenticated user to gain unauthorized access to folders or files that should have been restricted, potentially leading to information disclosure or unauthorized modification of data [1]. The permission error when moving folders from external to primary storage results in the creator of the OX Drive folder receiving administrator privileges improperly, enabling privilege escalation [1]. The locked-file sharing issue may cause denial-of-service or inconsistent state, but the primary impact is the breach of access control policies.
Mitigation
The vulnerability was fixed in OX App Suite version 7.8.4, released on 2017-05-23, with patch release 4233 on 2017-06-26 [1]. Users should upgrade to version 7.8.4 or later to receive the corrected permission handling and file lock management [1]. No workarounds are documented in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Open-Xchange GmbH/OX App Suite (description)
- Range: <=7.8.3
Patches
No patches discovered yet.
References
- open-xchange.com (mitre, x_refsource_MISC)
- ox.com (mitre, x_refsource_MISC)
- documentation.open-xchange.com/7.10.0/release-notes/release-notes.html (mitre, x_refsource_CONFIRM)