Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1252-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1253-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1255-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

Nextcloud: User files is disclosed when someone called while the screen is locked

Summary: User files in the server is disclosed while the screen is locked when someone called. Steps To Reproduce: add details for how we can reproduce the issue 1. Make 2 Accounts, Lets call them Account A and Account B 2. Using Account A login to https://nextcloud/apps/spreed/ 3. Using Account ...

OPENSUSE-SU-2021:1250-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291: - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1250-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

Nextcloud: Folder architecture and Filesizes of private file drop shares can be getten

Steps To Reproduce: 1. Create a new Folder "TestABC" 2. Share a password protected link of this folder 3. Create a file "README.md" and a file "README.md" in the Subfolder "Subfolder". == curl -H "OCS-APIREQUEST: true" "http://localhost/ocs/v2.php/apps/text/public/workspace?shareToken=ABCDE12345"...

Nextcloud: objectId in share location can be set to open arbitrary URL or Deeplinks

Summary: The NextCloud Talk app allows a user to share their location in the Mobile App. The objectId= in /ocs/v2.php/apps/spreed/api/v1/chat/$token/share Can be set to a URL or Deeplink, While the metaData= will render the map, Once a user clicked the map it will open the defined URL or Deeplink...

Nextcloud Information Disclosure Vulnerability (CNVD-2021-70105)

An information disclosure vulnerability exists in Nextcloud Richdocuments, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that in the affected version, the Richdocuments OCS endpoint is not...

Nextcloud has an unspecified vulnerability (CNVD-2022-18419)

Nextcloud Text is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. Nextcloud Text has a security vulnerability that could be exploited by attackers to enumerate folders in such shares...

Nextcloud Circles Licensing Issues Vulnerability Vulnerability

Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in the Nextcloud Circles The application allows any user to join any...

Nextcloud Circles Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...

Nextcloud Information Disclosure Vulnerability (CNVD-2021-70109)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Richdocuments, which stems from the fact that there is no rate limitation on Richdocuments OCS...

Nextcloud Code Execution Vulnerability

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany's Nextcloud. Nextcloud is vulnerable to a code execution vulnerability that stems from Nextcloud's support for rendering image previews of file content provided to users, whic...

Nextcloud server authorization issue vulnerability (CNVD-2021-102886)

Nextcloud server is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server is vulnerable to authorization issues in versions prior to 20.0.12, 21.0.4 or 22.1.0. The vulnerability stems from a lack of authentication...

Deck has unspecified vulnerabilities

Deck is a Kanban-style organization tool. Designed for individual planning and project organization for teams integrated with Nextcloud, a security vulnerability exists in Deck that stems from the Deck application not properly checking for user membership in a Circle. An attacker could exploit th...

Nextcloud Server Multiple Vulnerabilities (Sep 2021)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Nextcloud Server Information Disclosure Vulnerability (CNVD-2022-20700)

An information disclosure vulnerability exists in Nextcloud Server, an open source, powerful cloud storage network drive project. An attacker could use this vulnerability to bypass the dual authentication in Nextcloud, and an attacker who knows the password or has access to the WebAuthN trusted...

CVE-2021-32800

Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended...

CVE-2021-32801

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...