4992 matches found
CVE-2023-25821 Nextcloud download permissions can be changed by resharer
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...
CVE-2023-25816 Nextcloud vulnerable to Uncontrolled Resource Consumption
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround ...
CVE-2023-25816
CVE-2023-25816 – Nextcloud resource consumption: The issue affects Nextcloud Server 25.0.0 through versions before 25.0.3, where an extremely long password can cause uncontrolled resource usage during validation. This vulnerability is addressed by upgrading to 25.0.3, as stated in the advisory a...
No password length restriction in reset password endpoint
None...
Download permissions can be changed by resharer
None...
SUSE CVE-2023-25579
Nextcloud server is a self-hosted home cloud product. In affected versions, the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow the creation of paths outside of one's own...
Nextcloud Server < 23.0.12, 24.x < 24.0.8, 25.x < 25.0.2 Path Traversal Vulnerability (GHSA-273v-9h7x-p68v)
Nextcloud Server is prone to a path traversal vulnerability.
CVE-2023-25579
Nextcloud server is a self-hosted home cloud product. In affected versions, the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow the creation of paths outside of one's own...
Design/Logic Flaw
Nextcloud server is a self-hosted home cloud product. In affected versions, the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow the creation of paths outside of one's own...
CVE-2023-25579 Directory traversal in Nextcloud server
Nextcloud server is a self-hosted home cloud product. In affected versions, the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow the creation of paths outside of one's own...
CVE-2023-25579
Summary (CVE-2023-25579) Nextcloud server is affected by a directory traversal in OC\Files\Node\Folder::getFullPath(), where the function validated/normalized strings in the wrong order. This can let an attacker craft paths to escape their own space and overwrite data belonging to other users. Th...
Potential directory traversal in OC\Files\Node\Folder::getFullPath
None...
Nextcloud path traversal vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from validating and normalizing strings in the wrong order, which can be exploited by an attacke...
Nextcloud: Basic auth header on WebDAV requests is not bruteforce protected
A basic authentication bypass vulnerability was discovered on WebDAV requests, due to a lack of rate limit protection. Attackers could brute force the password and gain full account takeover. The vulnerability was reported and fixed...
Nextcloud: ID4ME does not validate signature or expiration
The ID4ME did not validate the signature or expiration, leading to a security vulnerability...