16 matches found
EUVD-2022-52752
Malicious code in bioql PyPI...
Server-Side Request Forgery in federated sharing API - ownCloud
Server-Side Request Forgery in federated sharing API may allow an unauthenticated attacker to identify internal servers. Furthermore, due to improper timeout handling, the server could be affected by a Denial of Service attack...
CVE-2022-31118
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...
Design/Logic Flaw
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...
CVE-2022-31118 Missing brute force protection on cloud federation sharing in Nextcloud Server
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...
CVE-2022-31118
This CVE affects Nextcloud Server federated sharing. Affected: Nextcloud Server versions vulnerable to brute-forcing to detect federated sharing and potentially brute-force access tokens for federated shares. Root cause: insufficient brute-force protection for federated sharing, enabling exploita...
CVE-2022-31118 Missing brute force protection on cloud federation sharing in Nextcloud Server
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...
CVE-2022-31118 Missing brute force protection on cloud federation sharing in Nextcloud Server
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...
Missing brute force protection on cloud federation sharing
Nextcloud security vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud server that stems from not properly logging federated sharing events...
PT-2022-20541 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.9; Nextcloud Server versions prior to 23.0.6; Nextcloud Server versions prior to 24.0.2. Description: The issue affects Nextcloud server, an open source personal cloud solution. An attacker could brute for...
Nextcloud permissions and access control issue vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A permissions and access control vulnerability exists in Nextcloud Server in versions prior to 19.0.13, 20.011, and 21.0.3, which stems from...
PT-2021-19832 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11; Nextcloud Server versions prior to 20.0.10; Nextcloud Server versions prior to 21.0.2. Description: The issue allows an attacker to gain write/read privileges on any Federated File Share. This can also...
Nextcloud: user can bypass password enforcement when federated sharing is enabled
If the admin forces password for link shares and federated shares are enabled, users can bypass this enforcement. Tested with Nextcloud 18.0.3. Steps to reproduce: - enable password enforcement for link shares as admin - as user1 create a link share with password - open the link share in a separat...
Nextcloud: Nextcloud domain and name of every user leaked to lookup server
Steps to reproduce: 0. Install and set up Nextcloud, optional: create a few random users 1. Apply the following patch to a standard Nextcloud server: patch diff --git a/settings/BackgroundJobs/VerifyUserData.php b/settings/BackgroundJobs/VerifyUserData.php index 56ebadff9c..76ed8b5ed3 100644 ---...
Nextcloud: (Authenticated) RCE by bypassing of the .htaccess blacklist
Storage::copyFromStorage doesn't check the content of a folder it copies against the list of blacklisted files. Meaning that if a user has access to an external storage inc. fed. shares that contains a .htaccess file, he can move the .htaccess file to the local data directory. The attack works on...