4987 matches found
Authorization
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
Design/Logic Flaw
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgrade...
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
CVE-2022-36074
The CVE-2022-36074 entry concerns Nextcloud Server where information disclosure occurs because the server fails to strip the Authorization header during HTTP downgrades. Affected products/versions include Nextcloud Server prior to 23.0.7 and 24.0.3 (enterprise versions 22.2.11, 23.0.7, or 24.0.3)...
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
CVE-2022-36075 File list exposure in Nextcloud Files Access Control
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgrade...
CVE-2022-36075
CVE-2022-36075 concerns exposure of file names to users with limited access in the Nextcloud Files Access Control app. Affected component: Nextcloud Files Access Control (Nextcloud) prior to versions 1.12.2, 1.13.1, and 1.14.1. Root cause details are not explicitly stated in the provided document...
CVE-2022-36075 File list exposure in Nextcloud Files Access Control
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgrade...
CVE-2022-36075 File list exposure in Nextcloud Files Access Control
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgrade...
Listing folder content blocked by files access control when received as share
None...
Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version
None...
Nextcloud 信息泄露漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud server versions prior to 23.0.7, 24.0.3 and prior to 24.0.3, which stems from the inability to...
PT-2022-23163 · Nextcloud · Nextcloud Files Access Control App
Name of the Vulnerable Software and Affected Versions: Nextcloud Files Access Control app versions prior to 1.12.2 Nextcloud Files Access Control app versions prior to 1.13.1 Nextcloud Files Access Control app versions prior to 1.14.1 Description: The Nextcloud Files Access Control app has an iss...
Nextcloud 信息泄露漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud files access control, which stems from a user being able to see the names of files with...
Nextcloud: nextcloudcmd incorrectly trusts bad TLS certificates
Ref: https://github.com/nextcloud/desktop/issues/4927 Bug description I have a self hosted Nextcloud instance using my own private CA for TLS certs. When running nextcloudcmd without the --trust, it disregards the cert validation failure as "This is not an actual error" and proceeds with the sync...
Nextcloud: Name collision of shared folders
Vulnerability description not provided...
CVE-2022-35931
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud...
Default credentials
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud...
CVE-2022-35931
CVE-2022-35931 affects the Nextcloud Password Policy app. Prior to versions 22.2.10, 23.0.7, and 24.0.3, the random password generator may, in very rare cases, produce common passwords that the validator would block. A patch is provided by upgrading the Nextcloud Server to 22.2.10, 23.0.7, or 24....