Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneRullzerH1:1965156
HistoryApr 28, 2023 - 9:52 a.m.

Nextcloud: Text does not respect 'Allow download' permissions

2023-04-2809:52:05
rullzer
hackerone.com
$250
7
nextcloud
allow download
permissions
bypass
vulnerability
bugbounty

EPSS

0.001

Percentile

23.8%

JSON
  1. user0 shares a folder of sensitive images to user1 without the ‘Allow download’ permission
  2. user1 just creates a new text file and inserts the images into it
  3. Voilla the images appear and can be downloaded easily

These are just previews but still.
For the most common types you can even request the raw image https://github.com/nextcloud/text/blob/main/lib/Controller/AttachmentController.php#L57-L67

Impact

A user assume that the allow download feature works can still have their sensitive photos leaked.

Related

osv 1
prion 1
nvd 1
cvelist 1
cve 1
nextcloud 1
openvas 1
osv
osv
CVE-2023-39961
2023-08-10 18:15:10
prion
prion
Code injection
2023-08-10 18:15:00
nvd
nvd
CVE-2023-39961
2023-08-10 18:15:10
cvelist
cvelist
CVE-2023-39961 Text does not respect "Allow download" permissions
2023-08-10 17:18:40
cve
cve
CVE-2023-39961
2023-08-10 18:15:10
nextcloud
nextcloud
Text does not respect "Allow download" permissions
2023-08-10 07:18:20
openvas
openvas
Nextcloud Server Multiple Vulnerabilities (GHSA-vv27-g2hq-v48h, GHSA-g97r-8ffm-hfpj, GHSA-qhgm-w4gx-gvgp, GHSA-xwxx-2752-w3xm, GHSA-j4qm-5q5x-54m5)
2023-08-10 00:00:00

EPSS

0.001

Percentile

23.8%

JSON
Related for H1:1965156
osv1prion1nvd1cvelist1cve1nextcloud1openvas1