
4992 matches found

OSV
added 2023/03/31 10:13 p.m. · 29 views

CVE-2023-28845 Chat room membership disclosed via autocompletion in Nextcloud talk

Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...

CVSS 3.5 · AI score 4.6 · EPSS 0.00445
Exploits: 0 · References: 4
Vulnrichment
added 2023/03/31 10:10 p.m. · 9 views

CVE-2023-28844 User without download rights can download older version of that file in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to...

CVSS 5.7 · AI score 6.3 · EPSS 0.0062
Exploits: 0 · References: 2
CVE
added 2023/03/31 10:10 p.m. · 70 views

CVE-2023-28844

CVE-2023-28844 affects Nextcloud Server; an access-control error allows users who should not download a file to retrieve an older version and distribute it. Affected versions were prior to 24.0.10 and prior to 25.0.4. The issue is mitigated by upgrading to Nextcloud Server 24.0.10 or 25.0.4 (or l...

CVSS 6.5 · AI score 5.8 · EPSS 0.0062
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/03/31 10:10 p.m. · 29 views

CVE-2023-28844 User without download rights can download older version of that file in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to...

CVSS 5.7 · AI score 6.5 · EPSS 0.0062
Exploits: 0 · References: 2
OSV
added 2023/03/31 10:10 p.m. · 20 views

CVE-2023-28844 User without download rights can download older version of that file in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to...

CVSS 5.7 · AI score 6.3 · EPSS 0.0062
Exploits: 0 · References: 4
Vulnrichment
added 2023/03/31 10:08 p.m. · 8 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.4 · EPSS 0.00745
Exploits: 0 · References: 3
Cvelist
added 2023/03/31 10:08 p.m. · 37 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.6 · EPSS 0.00745
Exploits: 0 · References: 3
CVE
added 2023/03/31 10:08 p.m. · 70 views

CVE-2023-28645

CVE-2023-28645 affects Nextcloud richdocuments (Collabora Online integration). The vulnerability allows bypass of the secure view feature via an unprotected internal API endpoint, potentially enabling unauthorized access to documents. Affected versions require upgrading the richdocuments app to 8...

CVSS 6.5 · AI score 5.9 · EPSS 0.00745
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/03/31 10:08 p.m. · 17 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.3 · EPSS 0.00745
Exploits: 0 · References: 5
Nextcloud
added 2023/03/31 9:24 a.m. · 30 views

Secure view can be bypassed by using internal API endpoint

None...

CVSS 6.5 · AI score 6.3 · EPSS 0.00745
Exploits: 0 · References: 2 · Affected Software: 1
Nextcloud
added 2023/03/31 7:44 a.m. · 28 views

User without download rights can download older version of that file

None...

CVSS 6.5 · AI score 6.3 · EPSS 0.0062
Exploits: 0 · References: 2 · Affected Software: 1
Nextcloud
added 2023/03/31 7:44 a.m. · 33 views

Chat room membership disclosed via autocompletion when not a member yourself

None...

CVSS 3.5 · AI score 4.8 · EPSS 0.00445
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/03/31 12:00 a.m. · 5 views

PT-2023-21870 · Nextcloud · Nextcloud Richdocuments

Name of the Vulnerable Software and Affected Versions: Nextcloud richdocuments versions prior to 6.3.2; Nextcloud richdocuments versions prior to 7.0.2; Nextcloud richdocuments versions prior to 8.0.0-beta.1. Description: The secure view feature of the rich documents app can be bypassed by using an...

CVSS 6.5 · AI score 6.2 · EPSS 0.00745
Exploits: 0 · References: 7
CNNVD
added 2023/03/31 12:00 a.m. · 3 views

Nextcloud Access Control Error Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud richdocuments. An attacker could exploit the vulnerability to bypass the secure view feature...

CVSS 6.5 · AI score 6.5 · EPSS 0.00745
Exploits: 0 · References: 4
CNNVD
added 2023/03/31 12:00 a.m. · 4 views

Nextcloud Access Control Error Vulnerability

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, a German company. An access control error vulnerability exists in the Nextcloud server, which stems from the fact that users who are not able to download files can still...

CVSS 6.5 · AI score 6.4 · EPSS 0.0062
Exploits: 0 · References: 3
Positive Technologies
added 2023/03/31 12:00 a.m. · 4 views

PT-2023-22002 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud server versions prior to 24.0.10; Nextcloud server versions prior to 25.0.4. Description: The issue affects Nextcloud server, an open source home cloud implementation, where users who should not have download permissions can still...

CVSS 9 · AI score 6 · EPSS 0.04176
Exploits: 4 · References: 25
CNNVD
added 2023/03/31 12:00 a.m. · 3 views

Nextcloud Access Control Error Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud talk suffers from an access control error vulnerability that stems from an inability to properly filter access to a list of users. An attacker...

CVSS 3.5 · AI score 5.1 · EPSS 0.00445
Exploits: 0 · References: 3
Positive Technologies
added 2023/03/31 12:00 a.m. · 8 views

PT-2023-21996 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.0 through 24.0.6; Nextcloud Server versions 25.0.0 through 25.0.4; Nextcloud Enterprise Server versions 23.0.0 through 23.0.11; Nextcloud Enterprise Server versions 24.0.0 through 24.0.6; Nextcloud Enterprise Server...

CVSS 9 · AI score 5.7 · EPSS 0.04176
Exploits: 4 · References: 26
OpenVAS
added 2023/03/31 12:00 a.m. · 30 views

Nextcloud Server 24.0.4 < 24.0.10, 25.x < 25.0.4 Improper Access Control Vulnerability (GHSA-w47p-f66h-h2vj)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 · AI score 6.5 · EPSS 0.0062
Exploits: 0 · References: 1
Positive Technologies
added 2023/03/31 12:00 a.m. · 2 views

PT-2023-22004 · Nextcloud +1 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.0 through 24.0.10; Nextcloud Server versions 25.0.0 through 25.0.4; Nextcloud Server Enterprise versions 23.0.0 through 23.0.12.5; Nextcloud Server Enterprise versions 24.0.0 through 24.0.10; Nextcloud Server...

CVSS 9 · AI score 5.9 · EPSS 0.04176
Exploits: 4 · References: 25