4969 matches found
CVE-2021-32652
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated user to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the...
Design/Logic Flaw
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated user to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the...
CVE-2021-32652
CVE-2021-32652 affects Nextcloud Mail prior to versions 1.4.3 and 1.8.2, where a missing permission check allows an authenticated user to access mail metadata of other users. Public sources consistently state that versions 1.4.3 and 1.8.2 include patches; no workarounds beyond upgrading are known...
CVE-2021-32652 Missing permission check on email metadata retrieval
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated user to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the...
Malicious user could break user administration page
None...
Default Nextcloud Server and iOS Client leak sharee searches to Nextcloud
None...
Trusted servers exchange can be triggered by attacker
None...
Attacker can obtain write access to any federated share/public link
None...
Files Drop public link can be added as federated share
None...
Default settings leak federated cloud ID to lookup server of all users
None...
End to end encryption folder locking is not properly protected
None...
Missing permission check on email metadata retrieval
None...
Default Nextcloud Server and Android Client leak sharee searches to Nextcloud
None...
Ratelimiting can be bypassed using IPv6 subnets
None...
Nextcloud deck sharee search leaks searches to lookupserver by default
None...
SSL certificate was not validated in Provider Registration Flow
None...
Nextcloud: Ratelimits do not apply to OCS DataResponse
Using `$response->throttle()` on a DataResponse doesn't work as it is being transformed by BaseResponse into an OCS response. This response does not propagate any throttled setting. Impact: Ratelimits on OCS DataResponse not functional...
Github json-smart-v1 buffer error vulnerability
Github json-smart-v1 is a Github open source application. Provides all non-indexed data in the data store as serialized JSON messages stored in the columns function. A security vulnerability exists in JSON Smart versions 1.3 and 2.4, which originates in the indexOf function of JSONParserByteArr...
Nextcloud security vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a public link that can be added as a federated file share. An attacker could use this...