SUSE CVE-2023-32319

Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...

CVE-2023-31128

Summary: CVE-2023-31128 concerns NextCloud Cookbook’s pull-checks.yml workflow, where an untrusted github.head_ref value can be attacker-controlled, enabling command injection via a crafted value (e.g., zzz";echo${IFS}"hello";#). The issue, stemming from a lack of input validation in the workflow...

CVE-2023-32318 User session not correctly destroyed on logout

Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous...

Nextcloud 代码问题漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud server, which stems from a session handling regression between Nextcloud Server and the Nextcloud Text application tha...

PT-2023-8428 · Nextcloud +1 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.6 Nextcloud Server versions prior to 26.0.1 Description: A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout...

Basic auth header on WebDAV requests is not brute-force protected

None...

SUSE CVE-2023-28847

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attack...

Nextcloud Server 24.x < 24.0.11, 25.x < 25.0.5 Missing Brute Force Protection Vulnerability (GHSA-r5wf-xj97-3w7w)

Nextcloud Server is prone to a missing brute force protection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-28847

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attack...

Default credentials

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attack...

CVE-2023-28847 Nextcloud Server missing brute force protection for passwords of password protected share links

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attack...

CVE-2023-28847

CVE-2023-28847 affects Nextcloud Server and Enterprise Server. Description: an attacker could brute-force the password of a share link due to missing brute-force protection. Affected versions include Nextcloud Server 24.0.0–24.0.10, 25.0.0–25.0.4, and Enterprise 23.0.0–23.0.11, plus related 24.0....

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from an unrestricted ability to validate passwords for shared links. An attacker could use...

Nextcloud Server Access Control Vulnerability (GHSA-3m2f-v8x7-9w99)

Nextcloud Server is prone to an access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-30539

Nextcloud Server/server family suffers an access control vulnerability where system tag based file access control or file retention rules can be abused to limit or grant access. Affected: Nextcloud Server, Enterprise Server, and related Files automated tagging app. Root cause: misapplied access c...

Nextcloud Server 25.x < 25.0.3 DoS Vulnerability (GHSA-53q2-cm29-7j83)

Nextcloud Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server 24.0.4 < 24.0.7, 25.x < 25.0.1 Improper Access Control Vulnerability (GHSA-7w6h-5qgw-4j94)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE CVE-2023-28834

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

SUSE CVE-2023-28844

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to...

Nextcloud Server 25.x < 25.0.3 DoS Vulnerability (GHSA-9wmj-gp8v-477j)

Nextcloud Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...