CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and may lead to Server-Side Request Forgery (SSRF). It is recommended t...
CVE-2022-31132
The CVE-2022-31132 issue affects Nextcloud Mail where versions shipped with the CSS minifier at ./vendor/cerdic/css-tidy/css_optimiser.php expose an unrestricted interface, enabling unauthenticated SSRF. Affected software is Nextcloud Mail; impact is described as Server-Side Request Forgery with ...
CVE-2022-31120 Federated share accepting/declining is not logged in audit log in Nextcloud Server
Nextcloud Server is an open source personal cloud solution. The audit log, which is used to get a full trail of actions, has been incompletely populated. In affected versions federated share events were not properly logged, which would allow brute force attacks to go unnoticed. This behavior...
CVE-2022-31120
Summary: CVE-2022-31120 affects Nextcloud Server. The issue is that federated share events were not properly logged in the audit log, enabling potential brute-force attempts to go unnoticed and exacerbating the impact of CVE-2022-31118. What’s affected: Nextcloud Server (versions before upgrades ...
CVE-2022-31118 Missing brute force protection on cloud federation sharing in Nextcloud Server
Nextcloud Server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...
CVE-2022-31118
This CVE affects Nextcloud Server federated sharing. Affected: Nextcloud Server versions vulnerable to brute-forcing to detect federated sharing and potentially brute-force access tokens for federated shares. Root cause: insufficient brute-force protection for federated sharing, enabling exploita...
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Missing brute force protection on cloud federation sharing
Password disclosure in log file when providing incorrect additional data on initial setup of Mail App
Federated share accepting/declining is not logged in audit log
Nextcloud Log Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. A log message disclosure vulnerability exists in Nextcloud Mail that originates from logging user passwords to disk...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. A security vulnerability exists in the Nextcloud server that stems from not properly logging federated sharing events...
Nextcloud Code Issue Vulnerability
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail that stems from unrestricted access to the minifier. An attacker could exploit this vulnerability to perfor...
PT-2022-20543 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.7; Nextcloud Server versions prior to 23.0.4; Nextcloud Server versions prior to 24.0.0. Description: The issue concerns the audit log in Nextcloud Server, which is used to track actions but was not proper...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. A security vulnerability exists in Nextcloud versions prior to 22.2.9, 23.0.6, and 24.0.2, which stems from an attacker being able to brute-force find out ...