CVE-2022-39364 Exception logging in Sharepoint app reveals clear-text connection details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server, Nextccloud Enterprise Server versions prior to 24.0.5. An attacker could exploit the vulnerability to...

Nextcloud 资源管理错误漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server, Nextccloud Enterprise Server versions prior to 24.0.6. An attacker exploited the vulnerability to cause...

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server, Nextccloud Enterprise Server versions prior to 24.0.5. An attacker could exploit the vulnerability to...

CVE-2022-39330

CVE-2022-39330 affects Nextcloud Server prior to 23.0.10 and 24.0.6, and Nextcloud Enterprise Server prior to 22.2.10, 23.0.10, 24.0.6. Description: a logged-in attacker can cause resource exhaustion (database/cpu load) by abusing sharee recommendations with the Circles feature; patches exist in ...

CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...

CVE-2022-39364

CVE-2022-39364 affects Nextcloud Server and Enterprise Server: reading nextcloud.log can reveal credentials to connect to a SharePoint service. Affected versions include Nextcloud Server prior to 23.0.9 and prior to 24.0.5; Nextcloud Enterprise Server prior to 22.2.10.5, 23.0.9, and 24.0.5. Patch...

PT-2022-24931 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.9 and 24.0.5 Nextcloud Enterprise Server versions prior to 22.2.10.5, 23.0.9, and 24.0.5 Description: The issue affects Nextcloud Server, a file server software for the self-hosted productivity platform...

PT-2022-24902 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.9 Nextcloud Enterprise Server versions prior to 24.0.5 Description: The issue concerns exposure of information that cannot be controlled by administrators without direct database access. This affects...

PT-2022-24903 · Nextcloud +1 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.10 and 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.10, 23.0.10, and 24.0.6 Description: The issue allows a logged-in attacker to slow down the system by generating a lot of database/cpu...

CVE-2022-39329

CVE-2022-39329 affects Nextcloud Server (and Enterprise Server) prior to versions 23.0.9 and 24.0.5, where information could be exposed without admin-controlled access and without database access. The issue is resolved by patches in 23.0.9 and 24.0.5, with no public workarounds reported. Affected...

CVE-2022-39329 Profile of disabled user stays accessible

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database acces...

CVE-2022-39364 Exception logging in Sharepoint app reveals clear-text connection details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...

CVE-2022-39329 Profile of disabled user stays accessible

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database acces...

CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...

CVE-2022-39364 Exception logging in Sharepoint app reveals clear-text connection details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...

Nextcloud: Mail app - blind SSRF via smtpHost parameter

A blind SSRF vulnerability was discovered in the Nextcloud Mail application, allowing an attacker to retrieve services running locally on the server and scan the internal network for information. The vulnerability was found in the smtpHost parameter and could be exploited by any user with the mai...

Nextcloud: Disabled download shares still allow download through preview images

Summary: Steps To Reproduce: 1. Share a folder and disable the "Allow download" permission 2. Now as the recipient of the file you can still download the preview of the file This is an issue for images but also for shared documents where viewing them in Collabora would present them watermarked bu...

Nextcloud: Hide download previews are accessible without a watermark

A vulnerability was discovered in Nextcloud that allowed users to access download previews without a watermark, even when the watermark option was enabled. This could potentially compromise the privacy of the document and goes against the intended purpose of the feature...

Nextcloud: Insecure randomness for default password in file sharing when password policy app is disabled

The password generation function used for protecting shared links in Nextcloud was using an insecure random number generator, which could allow an attacker to access the shared files without knowledge of the password...