CVE-2021-39223 File path disclosure of shared files in Richdocuments application

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

File path disclosure of shared files in Richdocuments application

None...

Nextcloud 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud Richdocuments application in versions prior to 3.8.6 and 4.2.3 is vulnerable to an information disclosure vulnerability where the vulnerable...

Nextcloud Information Disclosure Vulnerability (CNVD-2021-70105)

An information disclosure vulnerability exists in Nextcloud Richdocuments, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that in the affected version, the Richdocuments OCS endpoint is not...

Nextcloud Information Disclosure Vulnerability (CNVD-2021-70109)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Richdocuments, which stems from the fact that there is no rate limitation on Richdocuments OCS...

CVE-2021-37628

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...

CVE-2021-37629

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

CVE-2021-37629

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

CVE-2021-37628

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...

Design/Logic Flaw

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

Design/Logic Flaw

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...

CVE-2021-37629 Lack of ratelimit on Richdocuments OCS endpoint in nextcloud

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

CVE-2021-37629

CVE-2021-37629 affects Nextcloud Richdocuments. The vulnerability arises from a lack of rate limiting on the Richdocuments OCS endpoint, enabling enumeration of potentially valid share tokens in affected versions. Upgrading the Richdocuments app to 3.8.4 or 4.2.1 resolves the issue; for users who...

CVE-2021-37628

The CVE-2021-37628 affects Nextcloud Richdocuments, an open-source collaborative office suite, where the File Drop feature (Upload Only public link shares) can be bypassed via the Richdocuments app. An attacker could read arbitrary files in such a share, indicating a serious information-disclosur...

CVE-2021-37628 File Drop can be bypassed using Richdocuments app in nextcloud

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...

Nextcloud 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Richdocuments, which stems from the fact that there is no rate limitation on Richdocuments OCS...

Nextcloud 信息泄露漏洞

An information disclosure vulnerability exists in Nextcloud Richdocuments, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that in the affected version, the Richdocuments OCS endpoint is not...

Lack of ratelimit on Richdocuments OCS endpoint

None...

CVE-2021-32748

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

CVE-2021-32748

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...