
1082 matches found

BDU FSTEC
added 2024/01/25 12:0 a.m. · 4 views

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution lies in the incorrect expiration time of sessions, which allows attackers to bypass authentication processes.

The vulnerability of cloud software for creating and using Nextcloud Server storage solutions is related to incorrect session expiration times. Exploiting this vulnerability can allow a malicious actor to bypass authentication processes remotely...

CVSS: 3 · AI score: 5.4 · EPSS: 0.00452
Exploits: 0 · References: 5 · Affected Software: 2

BDU FSTEC
added 2024/01/25 12:0 a.m. · 3 views

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage system, related to the unencrypted storage of critical information, allows attackers to compromise the passwords of arbitrary users.

The vulnerability of cloud software for creating and using Nextcloud Server storage involves the unencrypted storage of critical information. Exploiting this vulnerability can allow attackers to disclose the passwords of arbitrary users...

CVSS: 4.4 · AI score: 5.5 · EPSS: 0.00246
Exploits: 1 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/01/25 12:0 a.m. · 5 views

The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage system is related to lack of access control. This allows a malicious individual to modify or delete VCards from the system address book on the Nextcloud server.

The vulnerability of the index.php component in the Enterprise Server software package, a cloud-based software for creating and managing data storage in Nextcloud Server, is related to inadequate access control mechanisms. Exploiting this vulnerability could allow an attacker to remotely modify o...

CVSS: 8.5 · AI score: 7.4 · EPSS: 0.00805
Exploits: 0 · References: 3 · Affected Software: 2

BDU FSTEC
added 2024/01/25 12:0 a.m. · 6 views

The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage system is related to improper access control. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to improper access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS: 5.3 · AI score: 5.9 · EPSS: 0.00455
Exploits: 0 · References: 2 · Affected Software: 2

BDU FSTEC
added 2024/01/25 12:0 a.m. · 3 views

The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage solution lies in the lack of authentication attempt limits, which allows attackers to bypass the authentication process.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to the lack of restrictions on authentication attempts. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process remotely...

CVSS: 10 · AI score: 7.7 · EPSS: 0.01041
Exploits: 0 · References: 4 · Affected Software: 2

BDU FSTEC
added 2024/01/25 12:0 a.m. · 5 views

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution lies in the improper assignment of permissions to files, allowing a hacker to delete any files they desire.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to the improper assignment of permissions for files. Exploiting this vulnerability could allow a malicious actor to delete any files they desire...

CVSS: 8.5 · AI score: 7.4 · EPSS: 0.00564
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/01/25 12:0 a.m. · 4 views

The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage solution lies in the lack of authentication attempt limits. This allows attackers to execute a brute-force attack.

The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage solution is related to the lack of restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to carry out a brute-force attack...

CVSS: 7.8 · AI score: 7.2 · EPSS: 0.00872
Exploits: 0 · References: 4 · Affected Software: 2

BDU FSTEC
added 2024/01/25 12:0 a.m. · 3 views

The vulnerability of the software for creating and using the Nextcloud Server’s data storage solution lies in its use of open redirection, which allows a hacker to redirect users to any arbitrary URL address.

The vulnerability of cloud software for creating and using Nextcloud Server storage relates to the use of open redirection. Exploiting this vulnerability could allow a malicious actor to redirect users to an arbitrary URL address...

CVSS: 6.4 · AI score: 6.4 · EPSS: 0.00593
Exploits: 1 · References: 4 · Affected Software: 2

BDU FSTEC
added 2024/01/25 12:0 a.m. · 4 views

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage system lies in insufficiently checking incoming requests, allowing attackers to execute SSRF attacks.

The vulnerability of cloud software for creating and using Nextcloud Server storage solutions is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to execute an SSRF attack remotely...

CVSS: 10 · AI score: 7.8 · EPSS: 0.00797
Exploits: 1 · References: 4 · Affected Software: 2

SUSE CVE
added 2024/01/20 3:10 a.m. · 2 views

SUSE CVE-2024-22403

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...

CVSS: 3.7 · AI score: 6.9 · EPSS: 0.00452
Exploits: 0 · References: 3

CVE
added 2024/01/18 7:21 p.m. · 54 views

CVE-2024-22400

The CVE-2024-22400 issue affects Nextcloud User SAML, an app for authenticating Nextcloud users via SAML. Affected versions allow an open redirect: a user_saml RelayState parameter can redirect to an uncontrolled third-party server. Mitigation per sources is to upgrade the User SAML app to versio...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00454
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/01/18 12:0 a.m. · 4 views

PT-2024-1285 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.0 Description: The issue concerns the expiration of OAuth codes in Nextcloud Server, a self-hosted personal cloud system. In affected versions, OAuth codes did not expire, allowing an attacker who gains...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.01041
Exploits: 6 · References: 99

SUSE CVE
added 2023/12/25 2:11 a.m. · 3 views

SUSE CVE-2023-49792

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...

CVSS: 9.8 · AI score: 7.1 · EPSS: 0.01041
Exploits: 0 · References: 3

SUSE CVE
added 2023/12/25 2:11 a.m. · 2 views

SUSE CVE-2023-49791

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an...

CVSS: 5.4 · AI score: 6.9 · EPSS: 0.00608
Exploits: 0 · References: 3

Prion
added 2023/12/22 5:15 p.m. · 15 views

Authentication flaw

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.01041
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2023/12/22 4:31 p.m. · 101 views

CVE-2023-49792

CVE-2023-49792 affects Nextcloud Server and Enterprise Server. When a trusted proxy is configured, the server may read an attacker’s remote address incorrectly, enabling authentication attempts to be misdirected. Affected versions include Nextcloud Server prior to 26.0.9, 27.1.4 and Nextcloud Ent...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.01041
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/12/22 4:26 p.m. · 13 views

CVE-2023-49791 Workflows do not require password confirmation on API level

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an...

CVSS: 5.4 · AI score: 6.8 · EPSS: 0.00608
Exploits: 0 · References: 3

OSV
added 2023/12/22 4:26 p.m. · 33 views

CVE-2023-49791 Workflows do not require password confirmation on API level

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an...

CVSS: 5.4 · AI score: 5.3 · EPSS: 0.00608
Exploits: 0 · References: 5

Positive Technologies
added 2023/12/22 12:0 a.m. · 5 views

PT-2023-8424 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.9 and 27.1.4 Nextcloud Enterprise Server versions prior to 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 Description: The issue is related to the lack of restrictions on authentication attempts,...

CVSS: 10 · AI score: 6.2 · EPSS: 0.01041
Exploits: 6 · References: 93

Positive Technologies
added 2023/12/22 12:0 a.m. · 4 views

PT-2023-9220 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.9 and 27.1.4 Nextcloud Enterprise Server versions prior to 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 Description: The issue is related to Nextcloud Server, an open source cloud platform, wher...

CVSS: 9.8 · AI score: 6 · EPSS: 0.01041
Exploits: 6 · References: 93