384 matches found
Denial of Service by requesting to reset a password (NC-SA-2021-003)
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...
Mail app not verifying TLS host of mail servers (NC-SA-2020-020)
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack...
Mail app does not respect download permissions in shares
None...
XSS in Desktop Client in the notifications
None...
Missing permission check on Deck API
None...
File path disclosure of shared files in OfficeOnline application
None...
Malicious Android app could access Shared Preferences of the Nextcloud Android client
None...
Alias creation did not validate account ID
None...
Missing rate limit on signup page (NC-SA-2020-033)
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times...
XSS in desktop client via invalid server address on login form (NC-SA-2020-027)
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...
XSS in Contacts
None...
End-to-end encryption device setup did not verify public key
None...
Group admins can create users with IDs of system folders (NC-SA-2019-015)
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
All users can reset the allowed apps list for Guest App users
None...
Require strict cookies for image proxy requests
None...
Missing brute force protection for passwords of password protected share links
None...
Missing brute force protection on cloud federation sharing
None...
File path disclosure of shared files in Nextcloud Text application
None...
Ratelimiting can be bypassed using IPv6 subnets
None...
Global credentials of external storages are sent back to the frontend
None...
Rate limiter not working reliable when Memcached is installed
None...
User scoped external storage can be used to gather credentials of other users
None...
Initialization vector reuse in end-to-end encryption allows a malicious server admin to break manipulate and access files
None...
Disabled download shares still allow download through preview images
None...
SSL certificate was not validated in Provider Registration Flow
None...
External storage credentials stored for wrong user (NC-SA-2021-004)
A missing user check in Nextcloud 20.0.5 and prior allowed to populate your own credentials for other users external storage configuration when they did not configure one yet...
Improper permission preservation on reshares (NC-SA-2020-012)
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...
ID4me does not validate signature or expiration
None...
Inviting excessive long email addresses to a calendar event makes the server unresponsive
None...
OAuth2 client_secret stored in plain text in the database
None...
Password of talk conversations can be bruteforced
None...
Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
None...
No password length limit when creating a user as an administrator
None...
Bypass of image blocking in Nextcloud Mail
None...
External storage app saves password for all users in the database (NC-SA-2021-006)
A missing condition in Nextcloud Server 19 and prior caused the external storage app to always store the users password in a recoverable format...
Reference fetch can saturate the server bandwidth for 10 seconds
None...
Vulnerable moment-timezone version shipped
None...
Improper input-size validation on the user new session name
None...
Malicious user could break user administration page
None...
Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)
Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required...
PIN for passwordless WebAuthn is asked for but not verified (NC-SA-2020-037)
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...
Missing ownership check on remote wipe endpoint (NC-SA-2020-018)
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...
Code injection in Nextcloud Desktop Client for macOS (NC-SA-2020-016)
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment...
SMB User Authentication Bypass (NC-SA-2016-006)
Nextcloud includes an optional and not by default enabled SMB authentication component that allows to authenticate users against an SMB server.This backend is implemented in a way that it tries to connect to a SMB server and if that succeeded consider the user logged-in.The backend did not proper...
Read-only share recipient can restore old versions of file (NC-SA-2016-005)
The restore capability of Nextcloud was not verifying whether an user has only read-only access to a share. Thus an user with read-only access was able to restore old versions...
Users can delete old versions of read-only shared files
None...
Self XSS when pasting HTML into Text app with Ctrl+Shift+V
None...
Delete permissions are not saved when creating public share
None...
Missing rate limiting on password reset functionality allows sending lots of emails
None...
Files Drop public link can be added as federated share
None...