PT-2021-19834 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: A vulnerability in federated share exists in Nextcloud Server, allowing an attacker to gain access to...

PT-2021-19831 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue affects Nextcloud Server, a package handling data storage. It sends user IDs to the lookup...

Cross-site request forgery attack on change password form

Summary Change password doesn't validate CSRF token properly. Impact An attacker can force the victim to change password without knowing. To successfully complete this attack the victim needs to be logged to the Guardian/CMC and visit a special prepared page containing the forged change password...