CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

EUVD-2019-6578

Malware in sbrugna...

EUVD-2024-36866

Malicious code in bioql PyPI...

CVE-2020-8182

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

Nextcloud: Can reshare read&share only folder with more permissions

The vulnerability allowed a user with read-only access to a folder to reshare that folder with additional permissions, such as read and write access. This could potentially allow the user to gain more permissions than they were originally granted...

Nextcloud Server 24.0.4 < 24.0.7, 25.x < 25.0.1 Improper Access Control Vulnerability (GHSA-7w6h-5qgw-4j94)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

Improper access control

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

CVE-2023-25821 Nextcloud download permissions can be changed by resharer

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

CVE-2023-25821 Nextcloud download permissions can be changed by resharer

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

SUSE CVE-2020-8223

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves...

PT-2023-2377 · Nextcloud +2 · Nextcloud +2

Name of the Vulnerable Software and Affected Versions: Nextcloud versions 24.0.4 through 24.0.6 Nextcloud versions 25.0.0 Description: The issue is related to improper access control in Nextcloud, a private cloud software. This can allow a remote attacker to gain unauthorized access to limited...

Nextcloud: Download permissions can be changed by resharer

Download permissions in Nextcloud 25 could be changed by a resharer, rendering the secure view feature for internal shares useless. This allowed users to download files without the watermark and other security measures...

Improper access control

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

CVE-2020-8182

CVE-2020-8182 affects Nextcloud Deck 0.8.0. Root cause: improper access control that permits a user to reshARE boards shared with them with greater permissions than they possess. Documents describe a missing server-side check on per-user sharing permissions, enabling an attacker to alter access (...

CVE-2019-15621

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...

Input validation

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...

CVE-2019-15621

Nextcloud Server 16.0.1 is affected by CVE-2019-15621: an improper permissions preservation enables sharees to reshare with write permissions when sharing the mount point of a received share via a public link. Root cause is a permissions preservation flaw in the sharing flow; exploitation details...

Nextcloud: Delete permission can be added on reshare

user0 creates folder /test user0 creates file /test/file.txt user0 shares folder /test with user1 with read+share permissions 17 user1 receives the folder /test and can read-download /test/file.txt but not delete - good user1 uses the sharing API to share folder /test with user2, and specifies...