PT-2022-20543 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.7; Nextcloud Server versions prior to 23.0.4; Nextcloud Server versions prior to 24.0.0. Description: The issue concerns the audit log in Nextcloud Server, which is used to track actions but was not proper...
Nextcloud: Exception logging in Sharepoint app reveals clear-text connection details
Summary: On exceptions thrown in the context of the SharePoint app, connection credentials may be written to the Nextcloud log in clear text. Steps To Reproduce: Attempt to configure a SharePoint mount in an erroneous way. Supporting Material/References: was files publicly:...
CVE-2022-31131
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...
Design/Logic Flaw
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...
CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...
CVE-2022-31131
CVE-2022-31131 affects Nextcloud Mail prior to version 1.12.2, where tasks related to mail attachments lack proper user ownership checks. This could allow attachments to be exposed to or manipulated by incorrect system users when updating or deleting entries in oc_mail_attachments. Impact is desc...
Ownership check missing when updating or deleting mail attachments
None...
Nextcloud Authorization Issue Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that stems from a lack of user account ownership checks...
PT-2022-20551 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud mail versions prior to 1.12.2 Description: The issue concerns missing user account ownership checks when performing tasks related to mail attachments in Nextcloud mail, potentially exposing attachments to incorrect system users...
Nextcloud Server < 22.2.8, 23.x < 23.0.5, 24.x < 24.0.1 Command Injection Vulnerability (GHSA-264h-3v4w-6xh2)
Nextcloud Server is prone to an SMTP command injection vulnerability in iCalendar Attachments to emails via newlines. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2022-31014
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an...
Command injection
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an...
CVE-2022-31014 SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an...
CVE-2022-31014
CVE-2022-31014 affects Nextcloud Server; SMTP command injection via iCalendar attachments through newline handling. Affected versions are Nextcloud Server up to 22.2.7/8, 23.x up to 23.0.5, and 24.x up to 24.0.1 (per sources). The root cause is insufficient sanitization of newline characters in S...
Nextcloud Injection Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an injection vulnerability that stems from susceptibility to SMTP command injection attacks...
SMTP Command Injection in iCalendar Attachments to emails via newlines
None...
Nextcloud: SSRF via potential filter bypass with too lax local domain checking
Summary: Hi. Reviewing the code for filtering for SSRF, in preventLocalAddress, we can see that it calls the function ThrowIfLocalAddress. It has three common checks. First, it checks if the string is localhost, or if it ends in .local or .localhost: php // Disallow localhost and local network if...