ROS-20230418-01

Nextcloud server vulnerability is related to an application that does not properly control the consumption of
of internal resources. Exploitation of the vulnerability could allow an attacker acting remotely,
to initiate resource exhaustion and perform a denial of service attack.

The Nextcloud server vulnerability is related to a missing scope check that allowed users to
create workflows that are intended to be accessible only to
administrators. Exploitation of the vulnerability could allow an attacker acting remotely to run
malicious code on the target system.

The Nextcloud server vulnerability involves a violation of secure design principles, a remote
administrator has the ability to control the filename when loading a logo or favicon in the settings of a
Theme. Exploitation of the vulnerability could allow an attacker to compromise the target system.

The Nextcloud server vulnerability is related to insecure default password randomization during file sharing
file sharing when the password policy application is disabled. Exploitation of the vulnerability could
allow an attacker acting remotely to gain unauthorized access to sensitive
information on the system.

Nextcloud server vulnerability involves the use of an improperly authorized name or link.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a collision of shared
resources to recipients if caching is enabled.