4992 matches found
CVE-2023-32318 User session not correctly destroyed on logout
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous...
Nextcloud Code Issue Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud server, which stems from a session handling regression between Nextcloud Server and the Nextcloud Text application tha...
NextCloud Cookbook OS Command Injection Vulnerability
NextCloud Cookbook is a recipe from NextCloud, Inc. NextCloud Cookbook has a security vulnerability that stems from the use of an untrusted github.head_ref field...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud server that stems from the lack of brute-force protection for WebDAV endpoints via the basic authentication header...
PT-2023-8428 · Nextcloud +1 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.6 Nextcloud Server versions prior to 26.0.1 Description: A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout...
CVE-2023-32074
user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2...
Authentication flaw
user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2...
CVE-2023-32074 Nextcloud user_oidc app is missing brute force protection
user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2...
CVE-2023-32074
CVE-2023-32074 affects the Nextcloud user_oidc app (OpenID Connect backend). The issue is an authentication flaw where brute-force protection is missing, allowing potential credential testing that can break or bypass authentication. The vulnerability is described for versions prior to 1.3.2; reme...
Error in calendar when booking an appointment reveals the full path of the website
None...
Contacts - PHOTO svg only sanitized if mime type is all lower case
None...
Nextcloud Security Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud 1.3.2, which stems from the ability to break/bypass authentication in the application...
PT-2023-23585 · Nextcloud · User Oidc
Name of the Vulnerable Software and Affected Versions: user oidc app versions prior to 1.3.2 Description: The user oidc app, an OpenID Connect user backend for Nextcloud, has an issue where authentication can be broken or bypassed. Recommendations: For versions prior to 1.3.2, upgrade the Nextclo...
Nextcloud Server 24.0.x < 24.0.11, 25.0.x < 25.0.5 Missing Brute-Force Protection Vulnerability (GHSA-mr7q-xf62-fw54)
Nextcloud Server is prone to a missing brute-force protection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 25.0.2 < 25.0.6, 26.0.x < 26.0.1 Insufficient Session Expiration Vulnerability (GHSA-q8c4-chpj-6v38)
Nextcloud Server is prone to an insufficient session expiration vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Basic auth header on WebDAV requests is not brute-force protected
None...
User session not correctly destroyed on logout
None...
user_oidc app is missing bruteforce protection
None...