Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Linux

Nextcloud Server is prone to authorization bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Windows

Nextcloud Server is prone to authorization bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud: OAuth2 Access Token and App Password Security Vulnerability

The OAuth2 endpoint of the Nextcloud server was not following RFC6749. The server did not perform required verification of provided data. And the server did not properly rotate and expire access tokens. In case of a compromised OAuth client this could lead to unauthorized access. After working...

openSUSE Security Update : nextcloud (openSUSE-2018-384)

This update for nextcloud fixes the following issues : Security issue fixed : - CVE-2017-0936: Nextcloud Server before 11.0.7 suffers from an Authorization Bypass Through User-Controlled Key vulnerability boo1087402. Bug fixes : - See online release notes for all relevant changes...

Nextcloud: Bruteforce in admin panel

Hello there, Admin panel of your website https://nextcloud.com/wp-login.php is vulnerable to bruteforce attacks as their is no rate-limiting. Impact Can gain access to admin panel. To fix this, Just add rate limiting...

The vulnerability of the cloud platform NextCloud in the operating system OpenSUSE Leap allows a hacker to gain root privileges.

The vulnerability of the cloud platform NextCloud in the operating system OpenSUSE Leap is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain root privileges during package updates using scripts located in the...

Nextcloud Server Design Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Server is a server version of it. A security vulnerability exists in Nextcloud Server versions prior to 11.0.7 and prior to 12.0.5. An attacker coul...

Nextcloud: Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lock

I'm sorry for my bad English, I'm German How to reproduce this security bug. Step 1: Take a normal Android smartphone maybe it also works on iOS, but I have not tested it yet. Step 2: Install the official nextcloud-client. Step 3: Set up nextcloud: Open the nextcloud app, tap on "Skip", enter the...

Authorization

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

CVE-2017-0936

CVE-2017-0936 affects Nextcloud Server prior to 11.0.7 and 12.0.5, where an Authorization Bypass Through User-Controlled Key vulnerability exists due to a missing ownership check. This allows logged-in users to change the scope of app passwords for other users. The app passwords themselves are no...

Micro Focus openSUSE NextCloud Elevation of Privilege Vulnerability

Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the U.K. NextCloud is a private cloud building software used in it. A security vulnerability exists in NextCloud in Micro Focus openSUSE, which stems from the program failing to securely use /srv/www/htdocs. During a...

CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

Code injection

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

CVE-2017-9286 nextcloud package security issues with /srv/www/htdocs

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

CVE-2017-9286

The CVE-2017-9286 issue affects openSUSE’s Nextcloud packaging, where upgrading the nextcloud package could allow a local attacker running as wwwrun to escalate to root via an unsafe /srv/www/htdocs handling. The vulnerability stems from a race condition involving a /tmp file during upgrade. Reme...

Nextcloud: twofactor_auth bypassable if provider fails to load

Just want to preface this by saying that this is probably not a significant vulnerability, as it requires that the server either have recently been incorrectly upgraded or otherwise misconfigured. However in the administration of my own personal NextCloud instance I have hit this several times...