4 matches found
Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Multiple Vulnerabilities (GHSA-h3c9-cmh8-7qpj, GHSA-ch7f-px7m-hg25, GHSA-5w64-6c42-rgcv, GHSA-7w2p-rp9m-9xp9)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
CVE-2023-26482
creationtimestamp| type| source ---|---|--- 2023-03-30 22:35:31+00:00| seen| https://t.me/cibsecurity/61195 2023-04-03 12:26:26+00:00| seen| https://www.cert.at/de/warnungen/2023/4/kritische-sicherheitslucke-in-nextcloud-und-nextcloud-enterprise-updates-verfugbar 2023-04-05 22:05:51+00:00|...
CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482
CVE-2023-26482 affects Nextcloud Server (24.x prior to 24.0.10 and 25.x prior to 25.0.4 in several sources). The issue is a missing scope validation for Workflow operations, allowing creation of workflows intended for admins to be usable by non-admin contexts and, in combination with certain apps...