CVE-2020-8236
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...
CVE-2020-8173
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended...
CVE-2020-8183
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...
Design/Logic Flaw
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...
Design/Logic Flaw
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...
Nextcloud: Stored XSS in markdown file with Nextcloud Talk using Internet Explorer
While editing a markdown file through the text app, users can create link elements that have a javascript URL such as javascript:alert(1). Steps to reproduce: While editing a markdown file, select some text and click the "Add Link" button. Using a web proxy, intercept the request and change the hre...
CVE-2020-8183
CVE-2020-8183 is a logic error in Nextcloud Server 19.0.0 where the share password was stored in plaintext during the initial create API call. Public records confirm this affects Nextcloud Server 19.0.0 and was addressed in later updates (e.g., Fedora advisories note fixes for CVE-2020-8183 in Ne...
CVE-2020-8173
CVE-2020-8173 affects Nextcloud Server 18.0.4, where a too-small set of random characters used for encryption enables decryption in less time than intended. The vulnerability’s root cause is insufficient randomness in the encryption key/IV generation. Remediation per connected advisories is to up...
CVE-2020-8236
Nextcloud Server 19.0.1 contains an improper authentication issue where a misconfiguration causes a passwordless WebAuthn PIN to be treated as two-factor authentication, but the PIN is not actually verified. This vulnerability could lead to users believing they have 2FA protection when the system...
Nextcloud Server < 17.0.7, 18.x < 18.0.5 Cryptographic Vulnerability (NC-SA-2020-023)
Nextcloud Server is prone to a cryptographic vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 18.x < 18.0.6, 19.0.0 Plaintext Storage Vulnerability (NC-SA-2020-026)
Nextcloud Server is prone to a vulnerability where passwords of share by mail are not hashed when given on the create share call.
Nextcloud Server < 17.0.8, 18.x < 18.0.7, 19.0.0 Privilege Escalation Vulnerability (NC-SA-2020-029)
Nextcloud Server is prone to a privilege escalation vulnerability.
Nextcloud Server 19.0.1 Improper Authentication Vulnerability (NC-SA-2020-037)
Nextcloud Server is prone to an improper authentication vulnerability.
Nextcloud: Leaked of Profile Image from URL changing
Changing the email address of url will show other's profile images. Impact Leakage of Users Profile Pictures if known email...
Fedora 33 : nextcloud (2020-050aaa14f7)
Update to Nextcloud 19.0.3, fixes CVE-2020-8236, CVE-2020-8223, CVE-2020-8183, CVE-2020-8173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Nextcloud: Potential DDoS when posting long data into workflow validation rules
A missing input validation in Nextcloud Server 20.0.1 allowed users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
Fedora: Security Advisory for nextcloud (FEDORA-2020-050aaa14f7)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...