Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Desktop Client version 3.0.0 through versions prior to 3.6.5. An attacker can exploit the vulnerability to gai...

Nextcloud 信任管理问题漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A trust management issue vulnerability exists in Nextcloud Desktop Client version 3.0.0 through versions prior to 3.7.0. An attacker could exploit this...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that originates from allowing a malicious server to gain access to E2EE folders. Affected products and version...

PT-2023-22073 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions 3.0.0 through 3.6.4 Description: The issue allows a malicious server administrator to recover and modify the contents of end-to-end encrypted files. This is a significant concern for users who rely on the...

PT-2023-22074 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions 3.0.0 through 3.6.4 Description: A malicious server administrator can gain full access to an end-to-end encrypted folder, allowing them to decrypt files, recover the folder structure, and add new files...

user_oidc 跨站请求伪造漏洞

Nextcloud useroidc is an application from Nextcloud, Germany. A cross-site request forgery vulnerability exists in useroidc versions 1.0.0 through 1.3.0, which stems from the application copying an expected status token from the first request to the second request...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Desktop Client version 3.0.0 through versions prior to 3.6.5. An attacker could exploit the vulnerability to...

PT-2023-22077 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions 3.0.0 through 3.6.x Description: The Nextcloud Desktop Client synchronizes files from Nextcloud Server. A malicious server could exploit the client's trust in the server's certificate, leading to the encrypti...

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2023:0083-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0083-1 advisory. - Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10,...

Nextcloud Server 25.x < 25.0.3 DoS Vulnerability (GHSA-9wmj-gp8v-477j)

Nextcloud Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-28834

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

Information disclosure

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVE-2023-28834 Full path of data directory exposed to Nextcloud server users

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVE-2023-28834 Full path of data directory exposed to Nextcloud server users

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVE-2023-28834 Full path of data directory exposed to Nextcloud server users

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVE-2023-28834

Summary of CVE-2023-28834 (Nextcloud Server information disclosure) Affected: Nextcloud Server 24.0.0–24.0.6, 25.0.0–25.0.4; Nextcloud Enterprise Server 23.0.0–23.0.11, 24.0.0–24.0.6, 25.0.0–25.0.4. Root cause: An API endpoint allowed a user to obtain the full data directory path of the Nextcloud...

OPENSUSE-SU-2023:0083-1 Security update for nextcloud

This update for nextcloud fixes the following issues: - Update to 23.0.12 See: https://nextcloud.com/changelog/latest23 - This also fix security issues: - CVE-2022-35931: Password Policy app could generate passwords that would be block boo1203190 - CVE-2022-39346: Missing length validation of use...

Full path of data directory exposed to users

None...

GHSA-H3C9-CMH8-7QPJ

creationtimestamp| type| source ---|---|--- 2023-04-03 12:26:26+00:00| seen| https://www.cert.at/de/warnungen/2023/4/kritische-sicherheitslucke-in-nextcloud-und-nextcloud-enterprise-updates-verfugbar 2023-04-05 22:05:51+00:00| published-proof-of-concept| https://t.me/DEVILTEAM11/353...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2023:0083-1 Rating: important References: 1203190 1205802 1208591 Cross-References: CVE-2022-35931 CVE-2022-39346 CVE-2023-25579 CVSS scores: CVE-2022-35931 NVD : 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N...