PT-2022-19421 · Nextcloud · Nextcloud Android App

Name of the Vulnerable Software and Affected Versions: Nextcloud Android versions prior to 3.19.0 Description: The issue concerns the existence of sensitive tokens, images, and user-related details after the deletion of a user account in Nextcloud Android. This could lead to the misuse of the...

Nextcloud信息泄露漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that originates when the full path of an application is exposed to an unauthorized user...

Nextcloud 访问控制错误漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Android prior to version 3.19.0, which stems from the misuse of the former account holder's...

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 22.2.6, 23.0.3 and prior to 23.0.3, which originates from a user being able to create...

CVE-2022-24890

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

Code injection

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

CVE-2022-24890 Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

CVE-2022-24890

CVE-2022-24890 (Nextcloud Talk) affects Nextcloud Talk prior to versions 13.0.5 and 14.0.0, where a call moderator could indirectly enable a user's webcam by granting permissions that were removed. The underlying issue is exposure of webcam permissions that could be re-enabled without user consen...

CVE-2022-24890 Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

CVE-2022-24890 Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

Nextcloud Talk 信息泄露漏洞

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. An information disclosure vulnerability exists in Nextcloud Talk versions 13.0.0 through 13.0.4, which allows remote attackers to access potentially sensitive information...

Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic

None...

Nextcloud: Password disclosure in initial setup of Mail App

Summary: https://github.com/nextcloud/mail/issues/823 Steps To Reproduce: https://github.com/nextcloud/mail/issues/823 Impact Complete access to a IMAP account and possibly if the password is the same for the NC account, complete account control...

Nextcloud Android app information leakage vulnerability

Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. nextcloud Android app versions prior to 3.19.0 are vulnerable to an information disclosure vulnerability that stems from insufficient privilege restrictions. An attacker...

Nextcloud Android app access control error vulnerability

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud Android app versions prior to 3.19.1 contain an access control error vulnerability that stems from improper access control, which is exploited by An authenticated attacke...

CVE-2022-24888

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...

CVE-2022-24889

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...

Design/Logic Flaw

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...

Code injection

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...

CVE-2022-24889 Insufficient Verification of Data Authenticity in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...