4969 matches found
Design/Logic Flaw
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack...
Cross site scripting
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...
Design/Logic Flaw
An Insecure Direct Object Reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe the devices of other users by sending a malicious request directly to the endpoint...
CVE-2020-8155
CVE-2020-8155 is addressed in Nextcloud security updates across multiple distributions. OpenSUSE and Fedora advisories show Nextcloud updates (e.g., openSUSE-2020-670, openSUSE-2020-0670-1, FEDORA_2020-C9863904DE/NASLs) that fix CVE-2020-8155. The openSUSE entries describe CVE-2020-8155 as a dire...
CVE-2020-8155
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...
CVE-2020-8154
CVE-2020-8154 is an Insecure Direct Object Reference in Nextcloud Server (noted against 18.0.x) that allowed an attacker to remotely wipe other users’ devices via a crafted request to the affected endpoint. Publicly referenced advisories (openSUSE/OpenSUSE-SU-2020:0670-1 and openSUSE-670) associa...
CVE-2020-8154
An Insecure Direct Object Reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe the devices of other users by sending a malicious request directly to the endpoint...
CVE-2020-8156
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack...
CVE-2020-8156
CVE-2020-8156: Nextcloud Mail 1.1.3 has missing TLS host verification, enabling a man-in-the-middle attack. Affected component: Nextcloud Mail 1.1.3. Root cause: inadequate TLS host verification. Impact: potential eavesdropping/alteration of mail data (confidentiality/integrity) and partial avail...
PT-2020-19991 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail version 1.1.3 Description: A missing verification of the TLS host allowed a man-in-the-middle attack. Recommendations: For Nextcloud Mail version 1.1.3, update to a version that includes the fix for the missing TLS host...
Nextcloud: External storage app saves password for all users in the database
The external storage app (files_external) saves the passwords of all users to the database table "oc_credentials" even when the "Log-in credentials, save in database" option is not used. It's a security risk that allows password extraction for all users. A local system admin that has access to the database and Nextcloud...
Nextcloud: Access Control: Inject tasks into other users decks
When moving a task to another deck, a request is made to /apps/deck/cards/XXXX. In the request the destination stackId parameter is used. When a user changes the parameter to that of a stack not belonging to him, the task is still added. PoC: Create a card: POST /apps/deck/cards HTTP/1.1...
Nextcloud: Bypass hide download Nextcloud Share
Summary: Hello everyone, while accidentally browsing through Nextcloud, I have found a small vulnerability on the Nextcloud server. This vulnerability allows downloading the file when the download function has been hidden. Here are the error details. If anything is wrong please respond to me. Thank you...
Nextcloud: Malicious apps can crash Nextcloud Android client by sending malformed intents
Not sure if this can be tracked as a security issue, but this definitely calls for a code change. This can be classified as a Denial of Service category attack and can seriously hamper user experience. Asset: Nextcloud Android Client com.nextcloud.client Version: 3.11.1 (latest). Details: The Nextclou...
Nextcloud: Cross site scripting - XSRF Token
Please follow the steps below to reproduce the vulnerability. 1. Open URL: https://nextcloud.com/enterprise/buy/ 2. Fill in a valid name and email address and put the payload in the other fields. Payload/s: 3. Submit it. 4. Open the email address you entered in the email field. 5. Open up the email...
FreeBSD : Nextcloud -- multiple vulnerabilities (afa018d9-8557-11ea-a5e2-d4c9ef517024)
Nextcloud reports: XSS in Files PDF viewer (NC-SA-2020-019); Missing ownership check on remote wipe endpoint (NC-SA-2020-018). © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine an...
Nextcloud: No set limit to try to login in "https://auth.nextcloud.com/auth/realms/master/protocol/openid-connect/auth" page.
Hi. I checked the "https://nextcloud.com" page and tried to go to the wp-admin page. Then I found the login page "https://auth.nextcloud.com/auth/realms/master/protocol/openid-connect/auth". On this page, I tried to log in more than 10 times manually! I think that I can try to brute force this login...
Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed code injection when an incorrectly sanitized Talk command was added by an administrator...
Nextcloud: Reduced permutations on encryption
OC\Security\SecureRandom::generate Reduced Permutations: OC\Security\SecureRandom::generate will by default use the a-Z0-9+/ 64-character set. The numbers are not predictable, due to the use of random_int. Most notably, the OC\Security\Crypto::encrypt method uses an IV with a length of 16 bytes. I...
Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands
Summary: The Nextcloud Talk app allows system administrators to set up chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...