CVE-2024-52525 Nextcloud Server User password is available in memory of the PHP process

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage Redis or disk, but it would allow a malicious process that gains access to t...

Global credentials of external storages are sent back to the frontend

None...

Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty

None...

Desktop client created folders with world-readable and world-writable permissions on Linux

None...

Shares are not removed when user is limited to share with in their groups and being removed from one of them

None...

Incomplete sanitization of SVG files allows to embed other images into previews

None...

User can copy folder that contain files that are blocked by the files access control

None...

Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares

None...

Open redirection when logging in with User OIDC

None...

Authorization Bypass Through User-Controlled Key in Tables

None...

Share information of Tables app is not limited to affected users

None...

Mail app does not respect download permissions in shares

None...

Mail auto configurator sends account information to `autoconfig.tld` server when no auto-configuration is possible

None...

Missing password confirmation when changing external storage options

None...

OAuth2 client secrets were stored in a recoverable way

None...

Link reference provider can be tricked into downloading bigger files than intended

None...

Potential hash collision for background jobs could skip queuing them

None...

Custom defined credentials of external storages are sent back to the frontend

None...

User password is available in memory of the PHP process

None...

Nextcloud 访问控制错误漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an Access Control Error vulnerability that stems from the fact that when a file is blocked by access control, users can still copy an...