CVE-2021-37630

CVE-2021-37630 affects Nextcloud Circles. The issue is an authorization flaw in affected versions prior to 0.19.15, 0.20.11, or 0.21.4 that allows any user to join a Secret Circle without the circle owner’s approval, leaking private information. The vulnerability is mitigated only by upgrading Ne...

CVE-2021-37631 Circle can be accessed by non-Circle members in Nextcloud Deck

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access t...

CVE-2021-37631

CVE-2021-37631 affects Nextcloud Deck. The vulnerability arises from improper checking of Circle membership, allowing non-circle members to access boards shared with a Circle. Affected software is Deck (Nextcloud integration); multiple sources (Red Hat, CNVD, OSV, CVE list, GHSA advisory) consist...

Nextcloud: Cards in Deck are readable by any user

Sensitive deck card contents were readable by any user, allowing unauthorized access to the information...

Nextcloud 安全漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany's Nextcloud. Nextcloud is vulnerable to a code execution vulnerability that stems from Nextcloud's support for rendering image previews of file content provided to users, whic...

Nextcloud 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Richdocuments, which stems from the fact that there is no rate limitation on Richdocuments OCS...

Nextcloud 安全漏洞

Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in the Nextcloud Circles The application allows any user to join any...

Nextcloud 日志信息泄露漏洞

An information disclosure vulnerability exists in Nextcloud Server, an open source, powerful cloud storage network drive project. An attacker could use this vulnerability to bypass the dual authentication in Nextcloud, and an attacker who knows the password or has access to the WebAuthN trusted...

Nextcloud 访问控制错误漏洞

Nextcloud server is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server is vulnerable to authorization issues in versions prior to 20.0.12, 21.0.4 or 22.1.0. The vulnerability stems from a lack of authentication...

Nextcloud 跨站脚本漏洞

A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...

Nextcloud 信息泄露漏洞

An information disclosure vulnerability exists in Nextcloud Richdocuments, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that in the affected version, the Richdocuments OCS endpoint is not...

PT-2021-19940 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.1.0 Description: The Nextcloud server, an open-source, self-hosted personal cloud, has a issue where logging of...

PT-2021-19939 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.1.0 Description: The issue affects Nextcloud server, an open-source, self-hosted personal cloud. An attacker can bypass...

PT-2021-19941 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.1.0 Description: Nextcloud server is an open source, self-hosted personal cloud that supports rendering image previews...

Nextcloud安全漏洞

Deck is a Kanban-style organization tool. Designed for individual planning and project organization for teams integrated with Nextcloud, a security vulnerability exists in Deck that stems from the Deck application not properly checking for user membership in a Circle. An attacker could exploit th...

Nextcloud 安全漏洞

Nextcloud Text is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. Nextcloud Text has a security vulnerability that could be exploited by attackers to enumerate folders in such shares...

Preview generation used third-party library not suited for user-generated content

None...

Secret Circle can be joined without approval

None...

Deck shared with a Circle can be accessed by non-Circle members

None...

File Drop can be bypassed using Richdocuments app

None...