4980 matches found
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
CVE-2022-29163
CVE-2022-29163 affects Nextcloud Server: prior to versions 22.2.6 and 23.0.3, a user could create a link that is not password protected even when admin-required password protection is enforced. A patch exists in 22.2.6 and 23.0.3. No public workarounds are listed. Upgrade to 22.2.6+ or 23.0.3+ to...
CVE-2022-29160 Sensitive files/data exist after deletion of user account in Nextcloud Android
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android...
CVE-2022-29160 Sensitive files/data exist after deletion of user account in Nextcloud Android
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android...
CVE-2022-29160
Consolidated details indicate CVE-2022-29160 affects Nextcloud Android prior to version 3.19.0. The root cause is data remaining (sensitive tokens, images, and user-related details) after a user account deletion, leading to potential misuse of former account data. A fix is available in Nextcloud ...
CVE-2022-29160 Sensitive files/data exist after deletion of user account in Nextcloud Android
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android...
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...
CVE-2022-24906
CVE-2022-24906 affects Nextcloud Deck: an error in deleting deck card attachments reveals the full application path to unauthorized users. Documented impact is information disclosure (full path). Affected product: Nextcloud Deck (Nextcloud app); vulnerable component: deck attachment deletion flow...
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...
CVE-2022-29159
CVE-2022-29159 affects Nextcloud Deck (Kanban tool for Nextcloud). In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to another user’s board (an IDOR-like issue). A patch exists in Deck versions 1.4.8, 1.5.6, and 1.6.1. Public deta...
Bypass of password requirements when sharing a folder via the Circles app
None...
Sensitive files/ data exists post deletion of user account
None...
Possibility for anyone to add a stack with existing tasks on anyone's board in the Deck app
None...
Error in deleting deck cards attachment reveals the full application path
None...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.4.8, 1.5.6, and 1.6.1. An attacker exploited the vulnerability to move a stack with...