
4969 matches found

Cvelist
added 2020/02/04 7:08 p.m., 27 views

CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup Server is disabled...

AI score 6.3, EPSS 0.01876
Exploits: 1, References: 4
Positive Technologies
added 2020/02/04 12:00 a.m., 3 views

PT-2020-9736 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 17.0.1 Description: A bug in the software causes workflow rules to depend on the file extension when checking file mimetypes. There is no information about the estimated number of potentially affected devices worldwid...

CVSS 8.1, AI score 5.7, EPSS 0.01889
Exploits: 15, References: 73
Positive Technologies
added 2020/02/04 12:00 a.m., 3 views

PT-2020-19957 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 16.0.1 Description: A reflected Cross-Site Scripting issue was found in the svg generation of the affected software. Recommendations: For Nextcloud Server version 16.0.1, update to a version that includes a fix for th...

CVSS 6.1, AI score 6, EPSS 0.00894
Exploits: 1, References: 5
Hacker One
added 2020/02/03 1:18 p.m., 49 views

Nextcloud: "Secure View" aka "Hide Download" can be bypassed easily

The mid-2019 announced feature "Secure view" https://nextcloud.com/blog/secure-view-prevent-your-shared-files-from-getting-downloaded/ allows for hiding the Download button on public shares. Even though the announcement admits that there are always workarounds out there to get hands on the file...

CVSS 4, AI score 6.6, EPSS 0.01536
Exploits: 0
Tenable Nessus
added 2020/02/03 12:00 a.m., 46 views

Fedora 30 : webkit2gtk3 (2020-f11a905fc2)

Fix issues while trying to play a video on NextCloud. - Make sure the GL video sink uses a valid WebKit shared GL context. - Fix vertical alignment of text containing arabic diacritics. - Fix build with icu 65.1. - Fix page loading errors with websites using HSTS. - Fix web process crash when...

CVSS 9.3, AI score 6.7, EPSS 0.02256
Exploits: 0, References: 4
Hacker One
added 2019/12/27 11:07 p.m., 72 views

Nextcloud: Remote code execution via path traversal in Zip extraction in the Extract app

I realise this doesn't qualify for a reward, as it's a vulnerability in a third-party app, but as the app is part of the "official" VM image provided by Hansson IT, I think it's well worth fixing. The Extract app doesn't validate the path or filename of a zip file to be extracted, allowing an...

AI score 0.7
Exploits: 0
Veracode
added 2019/12/20 12:50 a.m., 10 views

Cross-site Scripting (XSS)

nextcloud-vue-collections is vulnerable to cross-site scripting (XSS). The vulnerability exists when the value of v-tooltip is rendered through an insecure defaultHTML configuration...

AI score 1.4
Exploits: 0
Node.js
added 2019/12/19 5:32 p.m., 16 views

Cross-Site Scripting

Overview: Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitra...

AI score 6.9
Exploits: 0, Affected Software: 1
Hacker One
added 2019/12/18 11:12 p.m., 94 views

Nextcloud: Update App Store: Django account hijacking vulnerability

High Severity Framework Security Fix. Impact: There's a nasty bug that allows accounts to be hijacked. Attackers still can't distribute archives since they are signed, but can hijack admin accounts and swap out packages in the admin panel. I've updated the deps, tests work fine locally but you...

AI score 1.5
Exploits: 0
Nextcloud
added 2019/12/12 12:00 a.m., 25 views

SSRF protection bypass in calendar subscriptions (NC-SA-2020-014)

A missing check for IPv4 nested inside IPv6 in Nextcloud Server 17.0.1 allowed an SSRF when subscribing to a malicious calendar URL...

CVSS 4, AI score 2.6, EPSS 0.01395
Exploits: 1, Affected Software: 1
Hacker One
added 2019/12/06 12:32 a.m., 13 views

Nextcloud: Anonymous file drop page ignores user profile visibility restrictions

The user profile on a Nextcloud server, at a URL like https:///index.php/settings/user, includes personal information: photo, name, email address. For each of the listed fields the user can select the visibility setting: local, contacts, public. It is expected that these settings will work in all places of the...

AI score 6.5
Exploits: 0
Nextcloud
added 2019/12/04 12:00 a.m., 28 views

Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)

A bug in Nextcloud Server 17.0.1 causes the workflow rules to make their behaviour depend on the file extension when checking file mimetypes...

CVSS 6, AI score 2.7, EPSS 0.0113
Exploits: 0, Affected Software: 1
Hacker One
added 2019/11/27 7:31 p.m., 28 views

Nextcloud: Bypassing Passcode/Device credentials

Assume the user has set "App passcode" to "Passcode/Device credentials". So whenever the user opens the app, it will prompt to unlock before accessing the app. Unfortunately there is an issue: an attacker is able to bypass the lock easily in two ways. Setup 1. Install the NextCloud app and log in. 2. Go to...

CVSS 3.6, AI score 6.5, EPSS 0.00369
Exploits: 0
Hacker One
added 2019/11/26 10:37 a.m., 66 views

Nextcloud: SSRF on local storage of iOS mobile

The tester uploaded a text file containing the "test ssrf" message in order to prove the SSRF attack. 2. Next, the tester uploaded a common file and then manipulated the content and file extension to HTML format in order to find the application path. 3. The tester accessed that file and found the...

Exploits: 0
Hacker One
added 2019/11/20 7:40 p.m., 32 views

Nextcloud: Downgrade encryption scheme and break integrity through known-plaintext attack

The idea behind the Server Side Encryption is that you can move your encrypted files to an external party without that external party being able to read or modify those files. Some time ago, Nextcloud switched from unauthenticated CFB cipher block mode to authenticated CTR cipher block mode in...

CVSS 1.9, AI score 0.5, EPSS 0.00286
Exploits: 2
Hacker One
added 2019/11/13 2:07 p.m., 67 views

Nextcloud: SSRF protection bypass

CVSS: High 7.7, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. Description: The filter which protects Nextcloud from SSRF can be bypassed using IPv6/IPv4 address embedding. SSRF protection is for example used in the calendar or dav apps. Successful exploitation of the issue will allow...

CVSS 4, AI score 0.2, EPSS 0.01395
Exploits: 1
Nextcloud
added 2019/11/12 12:00 a.m., 51 views

Login and token disclosure to other Nextcloud services (NC-SA-2019-017)

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications...

CVSS 4, AI score 2.5, EPSS 0.01081
Exploits: 0, Affected Software: 1
0day.today
added 2019/11/09 12:00 a.m., 89 views

Nextcloud 17 - Cross-Site Request Forgery Vulnerability

Exploit for PHP platform in category web applications. Exploit Title: Nextcloud 17 - Cross-Site Request Forgery. Exploit Author: Ozer Goker. Vendor Homepage: https://nextcloud.com. Software Link: https://nextcloud.com/install/instructions-server. Version: 17. CVE: N/A. Nextcloud offers the...

AI score 7.4
Exploits: 0
Hacker One
added 2019/11/08 2:19 p.m., 27 views

Nextcloud: Improper integrity protection of server-side encryption keys

The public keys used for the server-side encryption are not integrity-protected. These can easily be replaced by anyone who has access to the data-at-rest, even when the per-user keys are enabled, as described in https://nextcloud.com/security/threat-model/. This holds true for all key types -...

CVSS 5.5, AI score 0.6, EPSS 0.00727
Exploits: 1
Packet Storm
added 2019/11/08 12:00 a.m., 309 views

Nextcloud 17 Cross Site Request Forgery

Exploit Title: Nextcloud 17 - Cross-Site Request Forgery. Date: 08.11.2019. Exploit Author: Ozer Goker. Vendor Homepage: https://nextcloud.com. Software Link: https://nextcloud.com/install/instructions-server. Version: 17. Nextcloud offers the industry-leading, on-premises content collaboration platfor...

AI score 0.3
Exploits: 0