CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low
Percentile: 44.7%

When federated shares between two Nextclouds are created, they do not use standard WebDAV to communicate. But to obtain the file list they seem to use the SERVER/index.php/apps/files_sharing/shareinfo endpoint.
Unlike the other endpoint for tokens (like public link shares), there is no brute force protection here. So this could be used as an enumeration endpoint for available tokens. This is not likely to generate a hit due to the search space. But considering you do limit this on the public link endpoint, for example, it still seems relevant.
Now this brings me to the second part that struck me on this endpoint. It is essentially sending back the entire file tree below it. Meaning if this is a big file tree, you could just keep sending requests to the server, keeping it quite busy (and all requests are valid and won't be flagged). There is no rate limiting at all.
Then this brings me to the final part. This endpoint accepts all token shares, even link share tokens (meaning you don't even have to use the 'add to your Nextcloud'), and there is no check if federation is enabled. So in short. If you have a link share with a big file tree (or you create it yourself if there is write access).
Possible to perform denial of service attacks by sending a lot of valid requests that could lead to a significant number of queries and memory usage on the system.
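
A log-side check for the two behaviours reported above, as an added example that is not part of the original report or of Nextcloud's code: it flags clients that produce many failed lookups on the shareinfo endpoint (token enumeration) or pull a large volume of file-tree responses in a short window. The log format, the thresholds, the function names and the assumption that an unknown token is answered with 404 are all illustrative; only the endpoint path comes from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoint path is from the report; log format, thresholds and the 404-on-unknown-token behaviour are assumptions.
SHAREINFO_PATH = "/index.php/apps/files_sharing/shareinfo"
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                     r'(?P<status>\d{3}) (?P<size>\d+|-)')

def parse(line):
    """Return (ip, time, status, bytes) for shareinfo requests, else None."""
    m = LINE_RE.match(line)
    if not m or not m["path"].split("?", 1)[0].endswith(SHAREINFO_PATH):
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, int(m["status"]), 0 if m["size"] == "-" else int(m["size"])

def detect(lines, window=timedelta(seconds=60), max_misses=5, max_bytes=5_000_000):
    """Return {ip: findings} from a per-client sliding window."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[0]].append(rec[1:])
    findings = defaultdict(set)
    for ip, recs in events.items():
        recs.sort()
        start = misses = bytes_out = 0
        for ts, status, size in recs:
            misses += status == 404               # unknown token (assumed status)
            bytes_out += size if status == 200 else 0
            while ts - recs[start][0] > window:   # drop events older than the window
                _, old_status, old_size = recs[start]
                misses -= old_status == 404
                bytes_out -= old_size if old_status == 200 else 0
                start += 1
            if misses > max_misses:
                findings[ip].add("token-enumeration")
            if bytes_out > max_bytes:
                findings[ip].add("file-tree-load")
    return dict(findings)

def sample_log():
    """Constructed access-log lines, not real traffic."""
    fmt = '{} - - [10/Jan/2023:12:00:{:02d} +0000] "POST {} HTTP/1.1" {} {}'
    lines = [fmt.format("192.0.2.10", s, SHAREINFO_PATH, 404, 120) for s in range(8)]
    lines += [fmt.format("198.51.100.7", s, SHAREINFO_PATH, 200, 2000000) for s in range(4)]
    lines.append(fmt.format("203.0.113.5", 30, SHAREINFO_PATH, 200, 900))
    lines.append(fmt.format("203.0.113.5", 31, "/index.php/s/abc", 404, 50))
    return lines
```

The same counters, keyed per client, are what a rate limit or brute force throttle in front of this endpoint would enforce.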