Lucene search
CtulhuH1:1781751HistoryNov 22, 2022 - 8:46 p.m.
Nextcloud: Ability to control the filename when uploading a logo or favicon on theming
2022-11-2220:46:30
ctulhu
hackerone.com
7
nextcloud
theming
filename control
logo
favicon
attacker
path disclosure
webapp
bug bounty
security issue
0.001 Low
EPSS
Percentile
50.5%
Summary:
Hello,
When uploading a logo or favicon the filename can be controlled by attacker since the key can be modified which serves as the filename.
{F2044799}
{F2044800}
{F2044798}
Due to an error the path is also disclosed
{F2044802}
Steps To Reproduce:
[add details for how we can reproduce the issue]
- go to
http://localhost/settings/admin/theming - upload a logo or favicon
- intercept the request using burp
- modify the key
Impact
The attacker can upload any files directly in the webapp and path disclosure. Combining both information can be useful in later attacks.
Related
cve
cve
CVE-2023-28833
2023-03-30 19:15:06
nvd
nvd
CVE-2023-28833
2023-03-30 19:15:06
nextcloud
nextcloud
osv
osv
CVE-2023-28833
2023-03-30 19:15:06
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-03-30 19:15:00
openvas
openvas
redos
redos
ROS-20230418-01
2023-04-18 00:00:00