Nextcloud Access Control Error Vulnerability
Nextcloud is an open source self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Mail versions prior to 1.4.3, and prior to 1.8.2, which can be exploited by an authenticated attacke...
PT-2021-19832 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue allows an attacker to gain write/read privileges on any Federated File Share. This can also...
PT-2021-19833 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue arises when an attacker converts a Files Drop link to a federated share, causing problems o...
PT-2021-19835 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 10.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: A malicious user may be able to break the user administration page, disallowing administrators to...
PT-2021-19831 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue affects Nextcloud Server, a package handling data storage. It sends user IDs to the lookup...
Nextcloud Security Vulnerability
Nextcloud is an open source self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server, which stems from the fact that when a sharing user opens the sharing panel and attempts to delete the...
Nextcloud Resource Management Error Vulnerability
Nextcloud is an open source self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud. No detailed vulnerability information has been provided at this time...
PT-2021-19830 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.4.3 Nextcloud Mail versions prior to 1.8.2 Description: A missing permission check in Nextcloud Mail allows another authenticated user to access mail metadata of other users. Recommendations: For versions...
Nextcloud Security Vulnerability
Nextcloud is an open source self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to send a user ID to a lookup server when the user is not set to a...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to access basic information about a server user by accessing a public...
Alias creation did not validate account ID
None...
Nextcloud: Leaking sensitive information through JSON file path.
Hello team, I have found one JSON path at "https://lookup.nextcloud.com/" which is leaking some information like username, email id, version, etc. I guess it shows the users who have installed or configured anything through the vendor. I was also able to download some of the zip files of the vendor...
Nextcloud: Serverinfo endpoints are not bruteforce protected nor are tokens properly generated
The serverinfo app allows accessing the endpoints also via a custom token. https://github.com/nextcloud/serverinfo/blob/9ae9dde028a684e53a1b37c9ba8e964ffe42a97f/lib/Controller/ApiController.php#L121 The token is set/generated via...
Nextcloud: Federated editing allows iframing possibly malicious remotes
So this attack is less likely now that you killed the trusted server auto adding. But as far as I could tell you did not clear out old servers. Let me first describe the attack: 1. UserA on ServerA sends a federated share to userB on serverB 2. Assume serverA and serverB are trusted servers 3. No...
Nextcloud Desktop Client: User-assisted execution of arbitrary code
Background The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Description It was discovered that Nextcloud Desktop Client did not validate URLs. Impact A remote attacker could entice a user to connect to a malicious Nextcloud server to cause the...
Nextcloud: Webauthn tokens are not removed on user deletion
1. userA has an account on serverA 2. userA enables passwordless login webauthn and registers a key/device 3. userA is removed from the system 4. a new user comes along and gets assigned userA as id 5. the old userA tries to login with their key 6. the old userA can see all data of the new userA...
Nextcloud: No admin audit log for auth tokens
There seems to be no audit trail for auth tokens. Creating tokens Revoking tokens Scope changes Renames Marking the token to be wiped Impact As auth tokens are used to access your data having a track record when they are created helps a lot. If you also take https://hackerone.com/reports/1193321...
Nextcloud: No admin audit entry for enabling/disabling 2FA
Related to https://hackerone.com/reports/1177353 When a user enables or disables 2FA there is no entry in the audit log. Impact Especially for disabling it should probably be logged there. But account security related things should be in there...
Nextcloud: Federated share accepting/declining is not logged in audit log
In relation to https://hackerone.com/reports/1177353 1. Enable the audit log 2. Share a file to a federated user 3. So far all looks good in the log 4. The recipient either accepts or declines the share 5. There is no line regarding this in the logs. Impact The audit log is used to get a...
Nextcloud: Admin audit is not properly logging unsetting of expiration date
In relation to https://hackerone.com/reports/1177353 1. Enable the audit log 2. Share a file 3. Set an expiration date So far all looks good in the log 4. Unset the expiration date. 5. See a pretty useless log line Impact The audit log is used to get a full trail of the actions which is now...