10 matches found
CVE-2021-22912
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...
EUVD-2021-10041
Malware in sbrugna...
CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...
CVE-2021-22905
Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...
CVE-2021-22905
Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...
CVE-2021-22912
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...
Nextcloud deck sharee search leaks searches to lookupserver by default
None...
Nextcloud: Nextcloud deck sharee search leaks searches to lookupserver by default
So, in short this is related to the other 2 reports https://hackerone.com/reports/1167916 and https://hackerone.com/reports/1167919 While I could not find deck on your h1 page. I kind of assume it is in scope as well as this is something you sell with the 'groupware' subscription...
Nextcloud: Default Nextcloud server config and iOS Nextcloud client leak sharee searches to Nextcloud
In short this is the same as https://hackerone.com/reports/1167916 but then for iOS so please forgive the copy paste On a clean Nextcloud setup the functionality "Search global and public address book for users" is enabled. Now when searching for a sharee to share with. The lookup parameter is no...
Nextcloud: Default Nextcloud Server and Android Client leak sharee searches to Nextcloud
On a clean Nextcloud setup the functionality "Search global and public address book for users" is enabled. Now when searching for a sharee to share with. The lookup parameter is not passed to the server. Resulting in...