EUVD-2025-201451

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users emails, names, identifiers without prop...

Bypass group folder quota limit using attachment in text file

None...

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the authentication procedures’ deficiencies, which allow attackers to disclose protected information.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server allows attackers to gain unauthorized access to protected information, thereby enabling them to compromise the security of these systems.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server relates to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of sensitive information in unencrypted form, allowing attackers to gain access to confidential data.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of passwords in an unencrypted form during session data. Exploiting this vulnerability can allow attackers to gain access to confidential information...

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insufficient protection of sensitive data, allowing attackers to influence privacy issues.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to influence the confidentiality of sensitive information...

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the lack of security measures for website structures, allowing attackers to trigger service failures.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVE-2024-52517

Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the...

CVE-2024-52515 Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews

Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended...

CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 o...

Potential hash collision for background jobs could skip queuing them

None...

User password is available in memory of the PHP process

None...

PT-2024-9159 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11 Nextcloud Server versions prior to 29.0.8 Nextcloud Server versions prior to 30.0.1 Nextcloud Enterprise Server versions prior to 25.0.13.13 Nextcloud Enterprise Server versions prior to 26.0.13.9...

PT-2024-9158 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 and prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8, prior to 28.0.10, and prior to 29.0.7 Description: The issue is related to the insecure storage of confidential informatio...

PT-2024-9165 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.11 Nextcloud Server versions prior to 23.0.11 Nextcloud Server versions prior to 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.11 Nextcloud Enterprise Server versions prior to 23.0.11...

The vulnerability of cloud software in creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the authentication procedures’ flaws, which allow attackers to bypass the authentication process.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to bypass the 2FA authentication process...

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...