Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneRtodH1:1200815
HistoryMay 18, 2021 - 12:34 p.m.

Nextcloud: Federated share accepting/declining is not logged in audit log

2021-05-1812:34:55
rtod
hackerone.com
9

0.001 Low

EPSS

Percentile

26.0%

JSON

In relation to https://hackerone.com/reports/1177353

  1. Enable the audit log
  2. Share a file to a federated user
  3. So far all looks good in the log
  4. the recipient checks either accepts or declines the share
  5. There is no line regarding this in the logs.

Impact

The audit log is used to get a full trail of the actions which is now incompletely. With possible important information.
It seems to be also listed on https://portal.nextcloud.com/article/using-the-audit-log-44.html
From my point of view a declined share is unshared again.

Related

openvas 1
nextcloud 1
cvelist 1
nvd 1
prion 1
osv 1
cve 1
openvas
openvas
Nextcloud Server < 22.2.7, 23.x < 23.0.4 Insufficient Logging Vulnerability (GHSA-9qvg-7fwg-722x)
2022-08-08 00:00:00
nextcloud
nextcloud
Federated share accepting/declining is not logged in audit log
2022-08-04 06:12:52
cvelist
cvelist
CVE-2022-31120 Federated share accepting/declining is not logged in audit log in Nextcloud Server
2022-08-04 17:00:24
nvd
nvd
CVE-2022-31120
2022-08-04 17:15:08
prion
prion
Design/Logic Flaw
2022-08-04 17:15:00
osv
osv
CVE-2022-31120
2022-08-04 17:15:08
cve
cve
CVE-2022-31120
2022-08-04 17:15:08

0.001 Low

EPSS

Percentile

26.0%

JSON
Related for H1:1200815
openvas1nextcloud1cvelist1nvd1prion1osv1cve1