hackerone igorpyan H1:1403614
History: Nov 18, 2021 - 12:00 a.m.

Nextcloud: Possibility to force an admin to install recommended applications

2021-11-18 00:00:52
igorpyan
hackerone.com
$100
120

0.001 Low

EPSS

Percentile

41.4%

Summary:

The endpoint /nextcloud/index.php/core/apps/recommended is reachable with the GET HTTP method and does not check the anti-CSRF token. If an admin visits this endpoint in a browser, the installation of the recommended applications begins immediately.

Steps To Reproduce:

  1. An attacker creates a malicious page on a domain they control.
  2. The attacker lures an admin into visiting this page.
  3. The admin visits this page.
  4. The applications are installed shortly afterwards.

Affected version:

nextcloud/server: 22.2.2 (at least)

Recommendation:

Require the requesttoken for this GET request,
or change the behaviour so that the installation is started by a manual click (a POST request that checks the requesttoken).
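As an added illustration (not the reporter's or Nextcloud's code), a Python model of the reported GET handler next to the recommended POST-plus-requesttoken form; the Session and Request classes, the demo scenario and the status codes are this example's own simplifications, not Nextcloud internals.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Endpoint named in the report; shown for context, the handlers below model only its logic.
RECOMMENDED_APPS_PATH = "/nextcloud/index.php/core/apps/recommended"

@dataclass
class Session:
    """Server-side session, selected by the browser's cookie on every request (simplified)."""
    is_admin: bool
    requesttoken: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    method: str
    session: Session
    form: dict = field(default_factory=dict)

def handle_vulnerable(req):
    """Reported behaviour: a plain GET from any admin session starts the install."""
    if not req.session.is_admin:
        return 403, "admin only"
    return 200, "installation of recommended apps started"

def handle_hardened(req):
    """Report's recommendation: require POST plus a requesttoken bound to the session."""
    if not req.session.is_admin:
        return 403, "admin only"
    if req.method != "POST":
        # GET stays side-effect free, so a cross-site link or image cannot trigger the install.
        return 405, "installation must be started with POST"
    token = req.form.get("requesttoken", "")
    # Constant-time compare; a forged cross-site request carries the cookie but not the token.
    if not hmac.compare_digest(token, req.session.requesttoken):
        return 403, "requesttoken missing or invalid"
    return 200, "installation of recommended apps started"

def demo():
    """Constructed scenario: one admin session, a forged cross-site GET and the intended POST."""
    admin = Session(is_admin=True)
    forged = Request("GET", admin)                                   # attacker page: cookie, no token
    intended = Request("POST", admin, {"requesttoken": admin.requesttoken})
    return (handle_vulnerable(forged)[0],  # 200: install starts from a mere visit
            handle_hardened(forged)[0],    # 405: rejected
            handle_hardened(intended)[0])  # 200: the admin's own click

if __name__ == "__main__":
    print(demo())
```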

[attachment / reference]

{F1517676}

Impact

Increased attack surface.
Any unused plugins should be disabled or removed, but this issue lets them be installed without the admin's intent.
