4993 matches found
CVE-2019-15620
CVE-2019-15620 describes an improper access control vulnerability in Nextcloud Talk 6.0.3 where the existence and names of private conversations can be leaked when those conversations are linked to another shared item via the Projects feature. Affected component is Nextcloud Talk (Spreed) 6.0.3. ...
CVE-2020-8118
CVE-2020-8118 describes an authenticated server-side request forgery (SSRF) in Nextcloud Server 16.0.1 . The vulnerability exists in the calendar application’s “add new subscription” workflow and permits an attacker to detect local and remote services. The connected documents consistently identif...
CVE-2019-15613
CVE-2019-15613 affects Nextcloud Server 17.0.1, where a bug causes workflow rules to depend on the file extension when checking MIME types. This can impact all three security properties (confidentiality, integrity, availability) per CVSS metrics (NVD: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; base sco...
CVE-2020-8119
CVE-2020-8119 affects Nextcloud Server 17.0.0 and is described as improper authorization that leaks previews and files when a file-drop share link is opened via the gallery app. The connected updates show this vulnerability being addressed in Nextcloud-related security updates (e.g., openSUSE/SUS...
CVE-2019-15618
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...
PT-2020-9736 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 17.0.1 Description: A bug in the software causes workflow rules to depend on the file extension when checking file mimetypes. There is no information about the estimated number of potentially affected devices worldwid...
PT-2020-19957 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 16.0.1 Description: A reflected Cross-Site Scripting issue was found in the svg generation of the affected software. Recommendations: For Nextcloud Server version 16.0.1, update to a version that includes a fix for th...
Nextcloud: "Secure View" aka "Hide Download" can be bypassed easily
The mid-2019 announced feature "Secure view" https://nextcloud.com/blog/secure-view-prevent-your-shared-files-from-getting-downloaded/ allows for hiding the Download button on public shares. Even though the announcement admits that there are always workarounds out there to get hands on the file...
Fedora 30 : webkit2gtk3 (2020-f11a905fc2)
Fix issues while trying to play a video on NextCloud. - Make sure the GL video sink uses a valid WebKit shared GL context. - Fix vertical alignment of text containing arabic diacritics. - Fix build with icu 65.1. - Fix page loading errors with websites using HSTS. - Fix web process crash when...
Nextcloud: Remote code execution via path traversal in Zip extraction in the Extract app
I realise this doesn't qualify for a reward, as it's a vulnerability in a third-party app, but as the app is part of the "official" VM image provided by Hansson IT, I think it's well worth fixing. The Extract app doesn't validate the path or filename of a zip file to be extracted, allowing an...
Cross-site Scripting (XSS)
nextcloud-vue-collections is vulnerable to cross-site scripting XSS. The vulnerability exists when the value of v-tooltip is rendered through an insecure defaultHTML configuration...
Cross-Site Scripting
Overview Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitra...
Nextcloud: Update App Store: Django account high jacking vulnerability
High Severity Framework Security Fix Impact There's a nasty bug that allows accounts to be highjacked. Attackers still can't distribute archive since they are signed but can highjack admin accounts and swap out packges in the admin panel. I've updated the deps, tests work fine locally but you...
SSRF protection bypass in calendar subscriptions (NC-SA-2020-014)
A missing check for IPv4 nested inside IPv6 in Nextcloud server 17.0.1 allowed a SSRF when subscribing to a malicious calendar URL...
Nextcloud: Anonymous file drop page ignores user profile visibility restrictions
User profile on Nextcloud server by url like https:///index.php/settings/user includes personal information: photo, name, email address. For each listed fields user can select the visibility settings: local, contacts, public. It is expected that these settings will work in all places of the...
Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...
Nextcloud: Bypassing Passcode/Device credentials
Assume user have set "App passcode" to "Passcode/Device credentials". So whenever user opens the app, it will prompt to unlock before accessing the app. Unfortunately there is a issue, attacker can able to bypass the lock easily in two ways. Setup 1. Install NextCloud app and Log in. 2. Go to...
Nextcloud: SSRF on local storage of iOS mobile
The tester uploaded the text file, containing "test ssrf" message, in order to proof SSRF attack. 2. Next, the tester uploaded the common file and then manipulate the content and extension file to html format in order to find the application path: 3. The tester access that file and found the...
Nextcloud: Downgrade encryption scheme and break integrity through known-plaintext attack
The idea behind the Server Side Encryption is that you can move your encrypted files to an external party without that external party being able to to read or modify those files. Some time ago, Nextcloud switched from unauthenticated CFB cipher block mode to authenticated CTR cipher block mode in...
Nextcloud: SSRF protection bypass
CVSS ---- High 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Description ----------- The filter which protects Nextcloud from SSRF can be bypassed using IPv6/IPv4 address embedding. SSRF protection is for example used in the calendar or dav apps. Successful exploitation of the issue will allow...