
4969 matches found

Positive Technologies
added 2020/06/20 12:0 a.m. · 3 views

PT-2020-6431 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.3.1 Description: The issue is related to the lack of SSL certificate verification when using the "Register with a Provider" flow in the Nextcloud Desktop Client, allowing a remote attacker to impac...

CVSS 8.8 · AI score 6 · EPSS 0.04698
Exploits 10 · References 45
Hacker One
added 2020/06/12 8:17 a.m. · 27 views

Nextcloud: Reflected XSS when renaming a file with a vulnerable name which results in an error

Hi, It looks like Nextcloud team will accept the XSS protected by the CSP. Report 896511 Here is another XSS. 1. Rename an existing filename to .jpg. 2. Anyone tries to rename this .jpg with an invalid filename, like add a "" in it, will trigger the XSS attack. 3. Need bypass the CSP. Thanks...

CVSS 3.5 · AI score 0.4 · EPSS 0.01059
Exploits 1
Hacker One
added 2020/06/12 7:36 a.m. · 15 views

Nextcloud: XSS in image metadata field

Hi, Will you confirm the XSS vulnerability blocked by the CSP? On Nextcloud 19.0.0 1. Upload the PoC.jpg 2. Check the PoC.jpg metadata 3. Need bypass the CSP to trigger it Impact Cross-Site Scripting...

AI score 0.9
Exploits 0
Hacker One
added 2020/06/11 12:3 a.m. · 24 views

Nextcloud: Contacts menu (not app) fails to restrict (to local groups) for contacts from federated servers

In two Nextclouds A and B, in settings/admin/sharing, these settings are enabled: Restrict users to only share with users in their groups Restrict username autocompletion to users within the same groups Add server automatically once a federated share was created successfully Some user on A now...

AI score 0.9
Exploits 0
Hacker One
added 2020/06/09 9:6 p.m. · 31 views

Nextcloud: XSS through image upload of contacts using svg file

This is a bypass of report 808287 Upload the attached file for the image of a contact, right click "Open image in new tab" and you will see the xss. Impact The person viewing the image of a contact can be victim of XSS...

CVSS 3.5 · AI score 2.4 · EPSS 0.00621
Exploits 1
CNVD
added 2020/06/09 12:0 a.m. · 3 views

Nextcloud Talk Code Injection Vulnerability

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A code injection vulnerability exists in Nextcloud Talk versions 6.0.4, 7.0.2, and 8.0.7, which stems from the program failing to properly clean up Talk commands. An attacker could exploit the...

CVSS 9.9 · AI score 7.8 · EPSS 0.01668
Exploits 1 · References 1
NVD
added 2020/06/08 2:15 p.m. · 14 views

CVE-2020-8180

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator...

CVSS 9.9 · AI score 9.6 · EPSS 0.01668
Exploits 1 · References 2
OSV
added 2020/06/08 2:15 p.m. · 18 views

CVE-2020-8180

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator...

CVSS 9.9 · AI score 7.2
Exploits 0 · References 2
Prion
added 2020/06/08 2:15 p.m. · 18 views

Code injection

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator...

CVSS 6.5 · AI score 9.6 · EPSS 0.01668
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2020/06/08 1:8 p.m. · 18 views

CVE-2020-8180

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator...

AI score 9.7 · EPSS 0.01668
Exploits 1 · References 2
CVE
added 2020/06/08 1:8 p.m. · 61 views

CVE-2020-8180

CVE-2020-8180 affects Nextcloud Talk versions 6.0.4, 7.0.2, and 8.0.7. A too-lax validation allows an administrator-added, not properly sanitized talk command to inject code. This can lead to arbitrary code execution when a crafted command is processed (for example, using talk commands to trigger...

CVSS 9.9 · AI score 9.6 · EPSS 0.01668
Exploits 1 · References 2 · Affected Software 1
Nextcloud
added 2020/06/04 12:0 a.m. · 34 views

Increase random used for encryption (NC-SA-2020-023)

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended...

CVSS 3.5 · AI score 3.3 · EPSS 0.00365
Exploits 1 · Affected Software 1
Nextcloud
added 2020/06/04 12:0 a.m. · 33 views

Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...

CVSS 5 · AI score 1.1 · EPSS 0.01889
Exploits 1 · Affected Software 1
FreeBSD
added 2020/06/04 12:0 a.m. · 25 views

Nextcloud -- Password share by mail not hashed

The Nextcloud project reports: NC-SA-2020-026 low: Password of share by mail is not hashed when given on the create share call A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...

CVSS 7.5 · AI score 1.2 · EPSS 0.01889
Exploits 1 · References 1
Hacker One
added 2020/06/03 4:18 a.m. · 334 views

Nextcloud: Allows any user to share their "Root" level folder by sharing "."

There seems to be a bug in the "File to Share" feature of Nextcloud Talk. This allows any authenticated user/admin to share their "root" level folder by manipulating the "path": parameter in the JSON body request to the remote API /nextcloud/ocs/v2.php/apps/files_sharing/api/v1/shares Steps to rep...

AI score 1.1
Exploits 0
Nextcloud
added 2020/06/03 12:0 a.m. · 23 views

New users can read all Nextcloud Deck data from previous user with same username (NC-SA-2021-007)

A logic error in Nextcloud Deck 1.0.1 allowed new users with a duplicate user identifier to use deck data of a previous deleted user...

CVSS 4 · AI score 3.7 · EPSS 0.01339
Exploits 1 · Affected Software 1
Hacker One
added 2020/06/02 11:23 a.m. · 30 views

Nextcloud: Re-Sharing allows increase of privileges

User A shares a file/folder to user B with re-sharing permission, but readonly - User B shares this file/folder to User C Needs the shareapidefaultpermissions set to 1 all checkmarks off in admin panel - User B can add write permissions for the share to User C User C may also be anonymous using a...

CVSS 3.5 · AI score 0.7 · EPSS 0.0145
Exploits 1
Hacker One
added 2020/06/01 10:23 a.m. · 22 views

Nextcloud: The password of a mail share is not set if the password is given when the share is created (Nextcloud < 18)

Create a new mail share with a password by using the OCS endpoint with something like: curl -u admin:admin -X POST -H "OCS-APIRequest: true" "http://localhost/ocs/v1.php/apps/files_sharing/api/v1/shares?path=welcome.txt&shareType=4&[email protected]&password=plainTextPassword" - Open the...

AI score 7.1
Exploits 0
Hacker One
added 2020/05/28 7:30 p.m. · 40 views

Nextcloud: The password of a mail share is not hashed if the password is given when the share is created

Create a new mail share with a password by using the OCS endpoint with something like: curl -u admin:admin -X POST -H "OCS-APIRequest: true" "http://localhost/ocs/v1.php/apps/files_sharing/api/v1/shares?path=welcome.txt&shareType=4&[email protected]&password=plainTextPassword" - Check the...

CVSS 5 · AI score 7.4 · EPSS 0.01889
Exploits 1
Tenable Nessus
added 2020/05/26 12:0 a.m. · 32 views

openSUSE Security Update : nextcloud (openSUSE-2020-670)

This update for nextcloud to 18.0.4 fixes the following issues : Security issues fixed : - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe device...

CVSS 7.7 · AI score 6.5 · EPSS 0.01773
Exploits 1 · References 4