
4 matches found

Cvelist
added 2022/06/02 6:25 p.m., 19 views

CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments

richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

CVSS 6.5, AI score 6.6, EPSS 0.00138
Exploits 0, References 3
Vulnrichment
added 2022/06/02 6:25 p.m., 5 views

CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments

richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

CVSS 6.5, AI score 6.5, EPSS 0.00138
Exploits 0, References 3
Nextcloud
added 2022/06/02 8:59 a.m., 30 views

Federated editing allows iframing remote servers by default

None...

CVSS 6.5, AI score 6.4, EPSS 0.00138
Exploits 0, References 2, Affected Software 1
Hacker One
added 2021/05/27 9:46 a.m., 28 views

Nextcloud: Federated editing allows iframing possibly malicious remotes

So this attack is less likely now that you killed the trusted server auto adding. But as far as I could tell you did not clear out old servers. Let me first describe the attack: 1. UserA on ServerA sends a federated share to userB on serverB 2. Assume serverA and serverB are trusted servers 3. No...

CVSS 4.3, AI score 0.8, EPSS 0.00138
Exploits 0