CVE-2023-39961
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and...
CVE-2023-39963 Missing password confirmation when creating app passwords
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully steali...
CVE-2023-39963
CVE-2023-39963 affects Nextcloud Server: a missing password confirmation after stealing a session can allow an attacker to create app passwords for the victim in listed older branches (versions before patches 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8/9, 24.0.12.5, 25.0.9, 26.0.4, 27.0.1; patch...
CVE-2023-39962
Technical details for CVE-2023-39962 are not publicly available in the provided documents; monitor for updates from Nextcloud advisories.
CVE-2023-39961 Text does not respect "Allow download" permissions
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and...
CVE-2023-39959 Existence of calendars and address books can be checked by unauthenticated users
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for...
CVE-2023-39959
CVE-2023-39959 affects Nextcloud Server. Unauthenticated users could send a DAV request to determine whether a calendar or address book with a given identifier exists on victims’ accounts. Affected are Nextcloud Server versions prior to 25.0.9, 26.0.4, and 27.0.1 (and corresponding Enterprise Ser...
CVE-2023-39958 Missing brute force protection on password reset token OAuth2 API controller
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients...
CVE-2023-39952
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced...
Advanced permissions not respected when copying entire group folders
PT-2023-27171 · User Oidc +1 · User Oidc +1
Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2. Description: The issue affects the user oidc module, which provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. An attacker with at least read access to a snapshot of the...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Server that stems from a lack of password validation...
PT-2023-5259 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.8; Nextcloud Server versions 26.0.0 through 26.0.3; Nextcloud Server versions 27.0.0 through 27.0.0. Description: The issue is related to improper access control in Nextcloud Server, which provides...
PT-2023-5257 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 20.0.0 through 20.0.14.14; Nextcloud Server versions 21.0.0 through 21.0.9.12; Nextcloud Server versions 22.0.0 through 22.2.10.13; Nextcloud Server versions 23.0.0 through 23.0.12.7; Nextcloud Server versions 24.0.0...
PT-2023-27175 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.4 through 25.0.8; Nextcloud Server versions 26.0.0 through 26.0.3; Nextcloud Server versions 27.0.0 through 27.0.0. Description: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform...
PT-2023-5256 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 22.0.0 through 22.2.10.12; Nextcloud Server versions 23.0.0 through 23.0.12.7; Nextcloud Server versions 24.0.0 through 24.0.12.3; Nextcloud Server versions 25.0.0 through 25.0.7; Nextcloud Server versions 26.0.0 through...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Server. An attacker could exploit the vulnerability to add an image inline to a text file and...
Nextcloud Server Improper Access Control Vulnerability (GHSA-cq8w-v4fh-4rjq)
Nextcloud Server is prone to an improper access control vulnerability.