68 matches found
CVE-2023-25150
Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...
Design/Logic Flaw
Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...
CVE-2023-25150
CVE-2023-25150 corresponds to an access control flaw in Nextcloud Office (Collabora Integration): the Collabora integration can be tricked into providing access to other users’ files without proper permission validation. Affected are Nextcloud Office/Collabora Integration versions prior to 7.0.2 ...
CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users
Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...
Nextcloud 访问控制错误漏洞
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud office/richdocuments, which stems from the ability to spoof the Collabora integration so that permission...
PT-2023-8425 · Nextcloud +1 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.x through 24.0.7 Nextcloud Server versions 25.0.x through 25.0.0 Nextcloud Enterprise Server versions 24.0.x through 24.0.7 Nextcloud Enterprise Server versions 25.0.x through 25.0.0 Nextcloud Office Richdocumen...
Nextcloud: Secure view trivial to bypass
The secure view feature in Nextcloud was vulnerable to bypassing, allowing users to download files without watermarks. This was possible by using the richdocuments app and adding "/contents" to the URL. The checkbox indicating that downloading is not allowed was misleading, and a solution could b...
Malicious code in richdocuments (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3577c322faf937f4f8cda337527fe047e1f8764245a6bd75b770cafacd665391 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5786 Malicious code in richdocuments (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3577c322faf937f4f8cda337527fe047e1f8764245a6bd75b770cafacd665391 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-31024
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
CVE-2022-31024
The CVE-2022-31024 issue affects Nextcloud richdocuments (Collabora) where federated shares can cause a user to edit against a remote Office by default (iframe-based exploitation). Root cause: federation setup allows instructing a user’s editing session to target a different server. Affected vers...
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
Nextcloud 访问控制错误漏洞
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud richdocuments versions prior to 6.0.0, prior to 5.0.4, and prior to 4.2.6, which originates from a share...
Nextcloud Richdocuments Information Disclosure Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud Richdocuments application in versions prior to 3.8.6 and 4.2.3 is vulnerable to an information disclosure vulnerability where the vulnerable...
CVE-2021-39223
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...
CVE-2021-39223
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...
Path traversal
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...
CVE-2021-39223
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...