Limit contacts photo uploading to images (NC-SA-2020-024)
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars...
Missing permission check on resharing a board (NC-SA-2020-025)
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...
Nextcloud: Possible denial of service when entering a loooong password
You can submit a very long password until the last user is put in and the server denies service (DoS). Normally passwords have 8, 10 or 24 characters. By sending a very long password of 1,000,000 characters the server is tied up. Usually this problem is caused by a vulnerable password hashing implementation. When a long password is sent, the...
Nextcloud: user can bypass password enforcement when federated sharing is enabled
If the admin enforces a password for link shares and federated shares are enabled, users can bypass this enforcement. Tested with Nextcloud 18.0.3. Steps to reproduce: - enable password enforcement for link shares as admin - as user1 create a link share with a password - open the link share in a separat...
Nextcloud: Missing server side controls when editing the board’s sharing permissions per user
Author: Silvia Väli, Clarified Security https://www.clarifiedsecurity.com/silvia-vali/ Date: 24th of March, 2020 Description: When a regular user visits the Deck view, all boards they created are displayed along with the ones shared with them by others. Available functionality with...
Mail app not verifying TLS host of mail servers (NC-SA-2020-020)
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man-in-the-middle attack...
Nextcloud Server < 16.0.9, 17.x < 17.0.4, 18.0.0 Access Control Vulnerability (NC-SA-2020-015)
Nextcloud Server is prone to an information disclosure vulnerability due to a missing access control check. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from the referenced sources and are Copyright (C) by the respective rights holders. SPDX-License-Identifier:...
Nextcloud Server < 15.0.14, 16.x < 16.0.7, 17.x < 17.0.2 SSRF Vulnerability (NC-SA-2020-014)
Nextcloud Server is prone to a server-side request forgery (SSRF) protection bypass vulnerability in calendar subscriptions. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from the referenced sources and are Copyright (C) by the respective rights holders...
Nextcloud Desktop Client Code Injection Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A code injection vulnerability exists in version 2.6.2 of the Nextcloud Desktop Client for macOS, which can be exploited by an attacker to load...
Nextcloud Server Access Control Error Vulnerability (CNVD-2020-21014)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An access control vulnerability exists in Nextcloud Server versions prior to 18.0.1, 17.0.4 and 16.0.9, which can be exploited by an attacker to downloa...
Nextcloud server server-side request forgery vulnerability (CNVD-2020-21013)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A server-side request forgery vulnerability exists in Nextcloud Server versions prior to 17.0.1, prior to 16.0.7, and prior to 15.0.14, and no detailed...
CVE-2020-8139
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...
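The bug class behind CVE-2020-8139 is a policy that is enforced in the viewer UI (the download button is hidden) but not at the route that actually serves bytes. The following is an added illustration, not Nextcloud's code: a minimal share dispatcher with the `/s/<token>` viewer route and the `/s/<token>/download` suffix route, once in the vulnerable shape and once with the flag enforced server-side. Share tokens and paths are constructed sample data.

```python
"""Added example: enforcing a link share's hide-download flag on every
route that can serve the file, not only in the viewer UI."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Share:
    token: str
    path: str
    hide_download: bool  # the "Hide download" option on a link share


# Constructed sample shares; tokens and paths are not real.
SHARES = {
    "abc123": Share("abc123", "/alice/report.pdf", hide_download=True),
    "pub456": Share("pub456", "/alice/slides.pdf", hide_download=False),
}


def lookup(route):
    """Split '/s/<token>' or '/s/<token>/download' into (share, wants_download)."""
    parts = route.strip("/").split("/")
    if len(parts) < 2 or parts[0] != "s" or parts[1] not in SHARES:
        return None, False
    return SHARES[parts[1]], len(parts) == 3 and parts[2] == "download"


def vulnerable_handle(route):
    """Returns (status, body). The flag only controls the viewer's button;
    the download route never consults it, so appending /download bypasses it."""
    share, wants_download = lookup(route)
    if share is None:
        return 404, None
    if wants_download:
        return 200, f"bytes of {share.path}"
    return 200, f"viewer for {share.path} (button hidden={share.hide_download})"


def hardened_handle(route):
    """Same routes, but the decision to hand out bytes is made on the server
    from the share's flag, independently of what the viewer page renders."""
    share, wants_download = lookup(route)
    if share is None:
        return 404, None
    if wants_download:
        if share.hide_download:
            return 403, None
        return 200, f"bytes of {share.path}"
    return 200, f"viewer for {share.path} (button hidden={share.hide_download})"


if __name__ == "__main__":
    for r in ("/s/abc123", "/s/abc123/download", "/s/pub456/download", "/s/nope"):
        print(r, "vulnerable:", vulnerable_handle(r)[0], "hardened:", hardened_handle(r)[0])
```

The check belongs in whatever layer hands out file contents, so that preview, WebDAV and any future route all go through it. Note the limit of the feature itself: a viewer that renders the file must still fetch its bytes, so "hide download" is a deterrent for casual users, and the server-side check only closes the trivial URL-suffix bypass.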
CVE-2020-8138
A missing check for IPv4 nested inside IPv6 in Nextcloud Server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL...
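The SSRF bypass in CVE-2020-8138 works because an IPv4 blocklist is applied to IPv4 literals only, while an address such as `::ffff:127.0.0.1` parses as IPv6 and falls through to a much shorter IPv6 list. The following is an added example (not Nextcloud's code) of a URL validator for an outbound fetch such as a calendar subscription: it unwraps the IPv4 address embedded in the three common IPv6 transition formats before applying the IPv4 rules, and is shown next to the naive check it replaces. The DNS resolver is injected as a plain callable with a constructed hostname table so the example runs offline; the blocklists are illustrative, not an exhaustive policy.

```python
"""Added example: SSRF host validation that unwraps IPv4 nested in IPv6
(IPv4-mapped, 6to4 and Teredo) before applying the IPv4 blocklist."""
import ipaddress
from urllib.parse import urlsplit

# Illustrative blocklists (assumption: a real deployment tunes these).
IPV4_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]
IPV6_BLOCK = [ipaddress.ip_network(n) for n in (
    "::/128", "::1/128", "fc00::/7", "fe80::/10")]


def naive_is_internal(ip):
    """The shape of check the CVE bypasses: rules chosen by the literal's
    version as written, so ::ffff:127.0.0.1 is only matched against IPV6_BLOCK."""
    block = IPV4_BLOCK if ip.version == 4 else IPV6_BLOCK
    return any(ip in net for net in block)


def unwrap_embedded_ipv4(ip):
    """Return the IPv4 address carried inside a transition-format IPv6
    address, or the input unchanged if nothing is embedded."""
    if isinstance(ip, ipaddress.IPv6Address):
        if ip.ipv4_mapped is not None:   # ::ffff:a.b.c.d
            return ip.ipv4_mapped
        if ip.sixtofour is not None:     # 2002:AABB:CCDD::/48 carries A.B.C.D
            return ip.sixtofour
        if ip.teredo is not None:        # 2001:0::/32, (server, client) tuple
            return ip.teredo[1]
    return ip


def is_internal(ip):
    """Hardened check: unwrap first, then apply the rules for the real version."""
    return naive_is_internal(unwrap_embedded_ipv4(ip))


def check_url(url, resolver):
    """Validate an outbound URL. resolver: callable hostname -> list of IP
    strings (injected so the example runs offline; a real implementation
    uses getaddrinfo and must re-run this check on every redirect target).
    Returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # brackets around IPv6 literals are already stripped
    if not host:
        return False, "no host"
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    for addr in addrs:
        if is_internal(addr):
            return False, f"{addr} resolves to an internal address"
    return True, "ok"


# Constructed hostname table standing in for DNS.
FAKE_DNS = {
    "calendar.example.org": ["203.0.113.10"],
    "evil.example": ["2002:a00:1::"],  # 6to4 form of 10.0.0.1
}


def fake_resolver(hostname):
    return FAKE_DNS.get(hostname, [])


if __name__ == "__main__":
    for u in ("https://calendar.example.org/feed.ics",
              "http://[::ffff:169.254.169.254]/latest/meta-data/",
              "http://evil.example/cal.ics"):
        print(u, check_url(u, fake_resolver))
```

Two points the code makes explicit: the unwrap must come before the version-specific rules, and `::ffff:8.8.8.8` stays allowed because the embedded address is public (a blanket ban on `::ffff:0:0/96` would instead reject legitimate dual-stack hosts). What the example cannot cover offline is the other half of the fix: resolving names at request time, checking every returned address, and repeating the check for each redirect the fetch follows.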
CVE-2020-8140
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed loading arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment...