The vulnerability of NextCloud Mail’s email client, related to insufficient validation of incoming requests, allows attackers to scan internal services and servers accessible from the local network of the NextCloud server.

The vulnerability of NextCloud Mail’s email client stems from insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to scan internal services and servers accessible from the local network of the NextCloud server...

SUSE CVE-2023-25816

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround ...

SUSE CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

CVE-2023-26041

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to...

Code injection

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to...

CVE-2023-26041

The CVE-2023-26041 issue affects Nextcloud Talk: when cron jobs are misconfigured, expired messages are not actually expired and the API still returns them, with frontend hiding not applied. This results in conversations showing messages that should have expired. Affected product: Nextcloud Talk ...

CVE-2023-26041 Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to...

CVE-2023-26041 Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to...

CVE-2023-26041 Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to...

Messages can still be seen on conversation after expiring when cron is misconfigured

None...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud prior to 15.0.3, which stems from the fact that when jobs are misconfigured and therefore messages...

PT-2023-20444 · Nextcloud · Nextcloud Talk

Name of the Vulnerable Software and Affected Versions: Nextcloud Talk versions prior to 15.0.3 Description: Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured, messages were not expired, and the API would still return them while the...

CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

CVE-2023-25816

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround ...

Improper access control

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

Design/Logic Flaw

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround ...

Nextcloud 资源管理错误漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud 25.0.3 that stems from the presence of uncontrolled resource consumption, where a user can...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud versions 24.0.x prior to 24.0.7 and 25.0.x prior to 25.0.1, which stems from the inclusion of incorrect access...

CVE-2023-25821 Nextcloud download permissions can be changed by resharer

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

CVE-2023-25821

Nextcloud CVE-2023-25821 describes an Improper Access Control in Nextcloud Server prior to 24.0.7 and 25.0.1 where the Secure view for internal shares can be bypassed if reshare permissions are granted. Affected versions are 24.0.4–24.0.6 and 25.0.0–25.0.0 (and other lines indicate similar ranges...