9 matches found
CVE-2024-52513 Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to...
Nextcloud: Attachments folder for Text app is accessible on Files Drop/Password protected shares
The Nextcloud Text app's attachments folder was found to be accessible on Files Drop/Password protected shares...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a cross-site scripting XSS vulnerability that allows an attacker to trick a user into...
SUSE CVE-2023-32318
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous...
PT-2023-8428 · Nextcloud +1 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.6 Nextcloud Server versions prior to 26.0.1 Description: A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout...
Nextcloud Server 25.0.2 < 25.0.6, 26.0.x < 26.0.1 Insufficient Session Expiration Vulnerability (GHSA-q8c4-chpj-6v38)
Nextcloud Server is prone to an insufficient session expiration vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
User session not correctly destroyed on logout
None...
PT-2022-11375 · Nextcloud +1 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.14 Nextcloud Server versions prior to 21.0.6 Nextcloud Server versions prior to 22.2.1 Description: The Nextcloud Text application, which is shipped with Nextcloud Server by default, has an issue that...
Nextcloud Text app can disclose existence of folders in "File Drop" link share
None...