Lucene search
+L

68 matches found

nvd
nvd
added 2023/02/08 8:15 p.m.45 views

CVE-2023-25150

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

5.8CVSS5.6AI score0.00735EPSS
Exploits0References3
prion
prion
added 2023/02/08 8:15 p.m.22 views

Design/Logic Flaw

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

3.5CVSS5.5AI score0.00735EPSS
Exploits0References3Affected Software1
cve
cve
added 2023/02/08 7:15 p.m.97 views

CVE-2023-25150

CVE-2023-25150 corresponds to an access control flaw in Nextcloud Office (Collabora Integration): the Collabora integration can be tricked into providing access to other users’ files without proper permission validation. Affected are Nextcloud Office/Collabora Integration versions prior to 7.0.2 ...

5.8CVSS5.5AI score0.00735EPSS
Exploits0References3Affected Software1
osv
osv
added 2023/02/08 7:15 p.m.38 views

CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

5.8CVSS5.5AI score0.00735EPSS
Exploits0References5
cnnvd
cnnvd
added 2023/02/08 12:0 a.m.5 views

Nextcloud 访问控制错误漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud office/richdocuments, which stems from the ability to spoof the Collabora integration so that permission...

5.8CVSS5.8AI score0.00735EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/02/03 12:0 a.m.5 views

PT-2023-8425 · Nextcloud +1 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.x through 24.0.7 Nextcloud Server versions 25.0.x through 25.0.0 Nextcloud Enterprise Server versions 24.0.x through 24.0.7 Nextcloud Enterprise Server versions 25.0.x through 25.0.0 Nextcloud Office Richdocumen...

8.8CVSS6.3AI score0.01373EPSS
Exploits3References28
hackerone
hackerone
added 2022/10/06 7:1 a.m.40 views

Nextcloud: Secure view trivial to bypass

The secure view feature in Nextcloud was vulnerable to bypassing, allowing users to download files without watermarks. This was possible by using the richdocuments app and adding "/contents" to the URL. The checkbox indicating that downloading is not allowed was misleading, and a solution could b...

6.5CVSS6.3AI score0.00745EPSS
Exploits0
ossf
ossf
added 2022/06/20 8:22 p.m.3 views

Malicious code in richdocuments (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3577c322faf937f4f8cda337527fe047e1f8764245a6bd75b770cafacd665391 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2022/06/20 8:22 p.m.4 views

MAL-2022-5786 Malicious code in richdocuments (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3577c322faf937f4f8cda337527fe047e1f8764245a6bd75b770cafacd665391 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
nvd
nvd
added 2022/06/02 7:15 p.m.45 views

CVE-2022-31024

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

6.5CVSS0.00572EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2022/06/02 6:25 p.m.6 views

CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

6.5CVSS6.5AI score0.00572EPSS
Exploits0References3
cve
cve
added 2022/06/02 6:25 p.m.97 views

CVE-2022-31024

The CVE-2022-31024 issue affects Nextcloud richdocuments (Collabora) where federated shares can cause a user to edit against a remote Office by default (iframe-based exploitation). Root cause: federation setup allows instructing a user’s editing session to target a different server. Affected vers...

6.5CVSS6.4AI score0.00572EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2022/06/02 6:25 p.m.49 views

CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

6.5CVSS6.6AI score0.00572EPSS
Exploits0References3
osv
osv
added 2022/06/02 6:25 p.m.28 views

CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

6.5CVSS6.4AI score0.00572EPSS
Exploits0References5
cnnvd
cnnvd
added 2022/06/02 12:0 a.m.7 views

Nextcloud 访问控制错误漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud richdocuments versions prior to 6.0.0, prior to 5.0.4, and prior to 4.2.6, which originates from a share...

6.5CVSS6.5AI score0.00572EPSS
Exploits0References5
cnvd
cnvd
added 2021/10/28 12:0 a.m.21 views

Nextcloud Richdocuments Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud Richdocuments application in versions prior to 3.8.6 and 4.2.3 is vulnerable to an information disclosure vulnerability where the vulnerable...

5.3CVSS0.6AI score0.01021EPSS
Exploits0References1
nvd
nvd
added 2021/10/25 10:15 p.m.23 views

CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

5.3CVSS0.01021EPSS
Exploits0References3
osv
osv
added 2021/10/25 10:15 p.m.17 views

CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

5.3CVSS6.6AI score
Exploits0References3
prion
prion
added 2021/10/25 10:15 p.m.16 views

Path traversal

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

5CVSS5.1AI score0.01021EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2021/10/25 10:15 p.m.3 views

CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

5.3CVSS6.1AI score0.01021EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder