openSUSE Security Update : nextcloud (openSUSE-2020-1652)

This update for nextcloud fixes the following issues : nextcloud version 20.0.0 fix some security issues : - NC-SA-2020-037 PIN for passwordless WebAuthm is asked for but not verified - NC-SA-2020-033 CVE-2020-8228 Missing rate limit on signup page - NC-SA-2020-029 CVE-2020-8233, boo1177346...

Re-Sharing allows increase of privileges (NC-SA-2020-029)

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves...

Nextcloud: Re-Sharing allows increase of privileges

User A shares a file/folder to user B with re-sharing permission, but readonly - User B shares this file/folder to User C Needs the shareapidefaultpermissions set to 1 all checkmarks off in admin panel - User B can add write permissions for the share to User C User C may also be anonymous using a...

CVE-2017-0883

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...

CVE-2017-0883

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...