PT-2023-20176 · Nextcloud +1 · Nextcloud +1
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions prior to 25.0.2; Nextcloud server versions prior to 24.0.8; Nextcloud server versions prior to 23.0.12. Description: The issue concerns the OC\Files\Node\Folder::getFullPath function, which was validating and normalizing...
PT-2023-2378 · Nextcloud +2 · Nextcloud +2
Name of the Vulnerable Software and Affected Versions: Nextcloud versions 25.0.0 through 25.0.2. Description: The issue is related to Uncontrolled Resource Consumption in Nextcloud, an Open Source private cloud software. A user can configure a very long password, which consumes more resources on...
PT-2023-8425 · Nextcloud +1 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.x through 24.0.7; Nextcloud Server versions 25.0.x through 25.0.0; Nextcloud Enterprise Server versions 24.0.x through 24.0.7; Nextcloud Enterprise Server versions 25.0.x through 25.0.0; Nextcloud Office Richdocumen...
PT-2023-19947 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.1; Nextcloud Server versions prior to 24.0.8; Nextcloud Server versions prior to 23.0.12; Nextcloud Enterprise Server versions prior to 25.0.1; Nextcloud Enterprise Server versions prior to 24.0.8; Nextcloud...
PT-2023-2377 · Nextcloud +2 · Nextcloud +2
Name of the Vulnerable Software and Affected Versions: Nextcloud versions 24.0.4 through 24.0.6; Nextcloud versions 25.0.0. Description: The issue is related to improper access control in Nextcloud, a private cloud software. This can allow a remote attacker to gain unauthorized access to limited...
PT-2023-2470 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions 25.0.0 through 25.0.2. Description: The issue is related to an inefficient fetch operation that may impact server performance and/or lead to a denial of service. This can be exploited by a remote attacker to initiate ...
PT-2023-2471 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.9; Nextcloud Server versions prior to 25.0.3. Description: The issue is related to the handling of shared resources with the same name in Nextcloud Server, particularly when a memory cache is configured. ...
Nextcloud: Chat room member disclosure via autocomplete API
It was possible to find out who is in a Spreed chat room using the autocomplete API, even if the person is not a member of the room. This vulnerability could have been exploited to gain information about the members of a chat room for malicious purposes...
Nextcloud: Full Passcode bypass on Nextcloud App iOS
Vulnerability description not provided...
Nextcloud: Missing brute force protection on password confirmation modal
A vulnerability was found in Nextcloud that allowed an attacker to bypass password protection and view a user's current password in cleartext. This was possible due to a lack of rate limit on the endpoints for generating backup codes, deleting accounts, and updating profiles. The vulnerability wa...
Nextcloud: Error in Booking an appointment reveals the full path of the website
A vulnerability in Nextcloud allowed users to reveal internal paths of the website when booking an appointment with SMTP configuration. An attacker could exploit this vulnerability to gain sensitive information about the website's internal structure...
Nextcloud Resource Management Error Vulnerability (CNVD-2023-04308)
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Deck is vulnerable to a resource management error, which stems from a database error that can be generated when executed multiple times, leading to a DoS...
PT-2023-8426 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.0 through 24.0.8. Description: The issue is related to incorrect permission assignment for files, allowing a user to escalate their permissions and delete files they were not supposed to delete, but only view or...
PT-2023-19948 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.8 and prior to 23.0.12; Nextcloud Enterprise Server versions prior to 24.0.8 and prior to 23.0.12. Description: The issue concerns server-side request forgery (SSRF), where attackers can leverage enclosed...
CVE-2023-22471
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...
CVE-2023-22470
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...
Code injection
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...
Improper access control
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...
CVE-2023-22471 Nextcloud Deck vulnerable to authorization bypass
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...
CVE-2023-22471
CVE-2023-22471 affects Nextcloud Deck (Nextcloud Deck app) and is caused by broken access control that allows a user to delete attachments of other users. Public docs list vulnerable versions: Deck app prior to 1.6.5, prior to 1.7.3, and prior to 1.8.2. Impact is deletion of attachments across ca...