14 matches found
EUVD-2022-52719
Malicious code in bioql PyPI...
EUVD-2023-29131
Malicious code in bioql PyPI...
EUVD-2023-29128
Malicious code in bioql PyPI...
CVE-2023-25150
Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...
SUSE CVE-2023-28645
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
Code injection
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and...
CVE-2023-25159
CVE-2023-25159 affects Nextcloud Server and related components. Technical details from PT Security show the issue resides in OCFilesNodeFolder::getFullPath(), where improper validation/normalization can allow crafted paths to escape a user’s space, potentially overwriting other users’ data. Affec...
CVE-2023-25159 Nextcloud Server previews are accessible without a watermark
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and...
CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users
Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...
Document content of files can be obtained through Collabora for files of other users
None...
PT-2023-19940 · Nextcloud · Nextcloud Office
Name of the Vulnerable Software and Affected Versions: Nextcloud Office versions prior to 7.0.2 Nextcloud Office versions prior to 6.3.2 Nextcloud Office versions prior to 5.0.10 Nextcloud Office versions prior to 4.2.9 Nextcloud Office versions prior to 3.8.7 Description: The Collabora integrati...
CVE-2022-31024
The CVE-2022-31024 issue affects Nextcloud richdocuments (Collabora) where federated shares can cause a user to edit against a remote Office by default (iframe-based exploitation). Root cause: federation setup allows instructing a user’s editing session to target a different server. Affected vers...
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
Federated editing allows iframing remote servers by default
None...