CVE-2023-28645

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

Nextcloud Server 24.0.4 < 24.0.7, 25.x < 25.0.1 Improper Access Control Vulnerability (GHSA-7w6h-5qgw-4j94)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Design/Logic Flaw

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

Secure view can be bypassed by using internal API endpoint

None...

Nextcloud 访问控制错误漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud richdocuments. An attacker could exploit the vulnerability to bypass the secure view feature...

PT-2023-21870 · Nextcloud · Nextcloud Richdocuments

Name of the Vulnerable Software and Affected Versions: Nextcloud richdocuments versions prior to 6.3.2 Nextcloud richdocuments versions prior to 7.0.2 Nextcloud richdocuments versions prior to 8.0.0-beta.1 Description: The secure view feature of the rich documents app can be bypassed by using an...

SUSE CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

Improper access control

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

Nextcloud: Secure view trivial to bypass

The secure view feature in Nextcloud was vulnerable to bypassing, allowing users to download files without watermarks. This was possible by using the richdocuments app and adding "/contents" to the URL. The checkbox indicating that downloading is not allowed was misleading, and a solution could b...

Nextcloud: Download permissions can be changed by resharer

Download permissions in Nextcloud 25 could be changed by a resharer, rendering the secure view feature for internal shares useless. This allowed users to download files without the watermark and other security measures...

CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

Nextcloud: "Secure View" aka "Hide Download" can be bypassed easily

The mid-2019 announced feature "Secure view" https://nextcloud.com/blog/secure-view-prevent-your-shared-files-from-getting-downloaded/ allows for hiding the Download button on public shares. Even though the announcement admits that there are always workarounds out there to get hands on the file...