Nextcloud • Most viewed

384 matches found

Nextcloud • Added 2022/11/25 11:27 a.m. • 30 views

Cleartext Transmission of Sensitive Information in user_oidc

CVSS 4.3 • AI score 4.8 • EPSS 0.0042
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2022/10/27 6:53 a.m. • 30 views

Profile of disabled user stays accessible

CVSS 5.3 • AI score 5.5 • EPSS 0.006
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2021/09/06 8:36 a.m. • 30 views

XSS in Nextcloud Circles

CVSS 5.8 • AI score 5.6 • EPSS 0.00808
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2021/07/12 9:23 a.m. • 30 views

File path disclosure of shared files in Nextcloud Text application

CVSS 5.3 • AI score 5.4 • EPSS 0.01381
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2021/07/12 9:23 a.m. • 30 views

XSS in Nextcloud Text application

CVSS 6.1 • AI score 6 • EPSS 0.01106
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2020/04/08 12:00 a.m. • 30 views

Missing permission check on resharing a board (NC-SA-2020-025)

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

CVSS 6 • AI score 3 • EPSS 0.01023
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2019/07/04 12:00 a.m. • 30 views

Server-Side request forgery in New-Subscription feature of the calendar app (NC-SA-2019-014)

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application...

CVSS 4 • AI score 2.5 • EPSS 0.01287
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2018/06/21 12:00 a.m. • 30 views

Stored XSS in contacts via group shares (NC-SA-2018-005)

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins...

CVSS 3.5 • AI score 4.1 • EPSS 0.00637
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2024/11/15 1:11 p.m. • 29 views

Mail app does not respect download permissions in shares

CVSS 5.7 • AI score 5.2 • EPSS 0.00502
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2023/04/17 8:12 a.m. • 29 views

Users can set up workflows using restricted and invisible system tags

CVSS 8.8 • AI score 8.1 • EPSS 0.00627
Exploits: 0 • References: 3 • Affected Software: 1
Nextcloud • Added 2023/04/03 12:59 p.m. • 29 views

Full path of data directory exposed to users

CVSS 4.3 • AI score 4.8 • EPSS 0.00813
Exploits: 1 • References: 3 • Affected Software: 1
Nextcloud • Added 2023/03/31 9:24 a.m. • 29 views

Secure view can be bypassed by using internal API endpoint

CVSS 6.5 • AI score 6.3 • EPSS 0.00745
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2023/01/09 5:45 a.m. • 29 views

Missing character limitation allows to put generate a database error

CVSS 6.5 • AI score 6.3 • EPSS 0.00663
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2022/12/01 9:34 a.m. • 29 views

Guests can continue to receive video streams from call after being removed from a conversation

CVSS 6.5 • AI score 6.4 • EPSS 0.00757
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2022/11/25 11:25 a.m. • 29 views

Missing length validation of user displayname allows to generate an SQL error

CVSS 6.5 • AI score 6.3 • EPSS 0.0099
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2021/06/01 6:00 p.m. • 29 views

Nextcloud deck sharee search leaks searches to lookupserver by default

CVSS 6.5 • AI score 6.4 • EPSS 0.01368
Exploits: 0 • References: 1 • Affected Software: 1
Nextcloud • Added 2020/10/03 12:00 a.m. • 29 views

Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...

CVSS 2.1 • AI score 3.6 • EPSS 0.0032
Exploits: 2 • Affected Software: 1
Nextcloud • Added 2020/07/10 12:00 a.m. • 29 views

Clear text storage of proxy parameters and passwords (NC-SA-2020-031)

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

CVSS 5 • AI score 3.5 • EPSS 0.0091
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2020/07/10 12:00 a.m. • 29 views

Linux client is vulnerable to directory traversal when downloading files (NC-SA-2020-032)

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...

CVSS 7.1 • AI score 3.5 • EPSS 0.2245
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2019/07/29 12:00 a.m. • 29 views

Improper neutralization of item names in projects feature (NC-SA-2020-008)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5 • AI score 3.7 • EPSS 0.0084
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2017/05/08 12:00 a.m. • 29 views

Calendar and addressbook names disclosed (NC-SA-2017-012)

A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed...

CVSS 3.5 • AI score 2 • EPSS 0.00724
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2017/05/08 12:00 a.m. • 29 views

Limitation of app specific password scope can be bypassed (NC-SA-2017-009)

Improper session handling allowed an application-specific password without files permission to access the user's files...

CVSS 4.3 • AI score 2.5 • EPSS 0.00985
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2017/02/05 12:00 a.m. • 29 views

Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)

Due to a logical error in the file caching layer, an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for...

CVSS 4 • AI score 2.6 • EPSS 0.00666
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2017/02/05 12:00 a.m. • 29 views

Denial of Service attack (NC-SA-2017-004)

Due to an error in the application logic, an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service...

CVSS 4 • AI score 4.3 • EPSS 0.0123
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2024/01/18 8:42 a.m. • 28 views

All users can reset the allowed apps list for Guest App users

CVSS 4.3 • AI score 4.8 • EPSS 0.00462
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2024/01/18 8:38 a.m. • 28 views

Can download "view-only" files with the Files ZIP app

CVSS 4.3 • AI score 4.8 • EPSS 0.00517
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2023/08/10 7:18 a.m. • 28 views

Text does not respect "Allow download" permissions

CVSS 4.3 • AI score 4.7 • EPSS 0.0047
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2023/08/10 7:11 a.m. • 28 views

Notes attachment render HTML in preview mode

CVSS 6.1 • AI score 6.1 • EPSS 0.0048
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2023/08/10 7:10 a.m. • 28 views

user_oidc app stores client secret unencrypted in database

CVSS 8.1 • AI score 7.9 • EPSS 0.00362
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2022/05/20 8:08 a.m. • 28 views

Possibility for anyone to add a stack with existing tasks on anyone's board in the Deck app

CVSS 5 • AI score 4.8 • EPSS 0.00917
Exploits: 1 • References: 2 • Affected Software: 1
Nextcloud • Added 2022/05/20 8:04 a.m. • 28 views

Error in deleting deck cards attachment reveals the full application path

CVSS 4.3 • AI score 4.8 • EPSS 0.01013
Exploits: 1 • References: 2 • Affected Software: 1
Nextcloud • Added 2020/10/03 12:00 a.m. • 28 views

Improper integrity protection of server-side encryption keys (NC-SA-2020-041)

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...

CVSS 5.5 • AI score 4 • EPSS 0.00727
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2020/07/10 12:00 a.m. • 28 views

Arbitrary code execution in desktop client via OpenSSL config (NC-SA-2020-030)

A code injection in Nextcloud Desktop Client 2.6.4 allowed loading arbitrary code when placing a malicious OpenSSL config into a fixed directory...

CVSS 4.6 • AI score 4.3 • EPSS 0.00659
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2019/12/04 12:00 a.m. • 28 views

Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)

A bug in Nextcloud Server 17.0.1 causes the behaviour of workflow rules to depend on the file extension when checking file mimetypes...

CVSS 6 • AI score 2.7 • EPSS 0.0113
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2019/08/02 12:00 a.m. • 28 views

Reflected XSS in svg logo generation (NC-SA-2019-018)

A reflected Cross-Site Scripting vulnerability was discovered in the svg generation...

CVSS 4.3 • AI score 1.8 • EPSS 0.00916
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2019/07/29 12:00 a.m. • 28 views

Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)

Improper access control in Nextcloud Talk 6.0.3 leaks the existence and the name of private conversations when linking them to another shared item via the projects feature...

CVSS 4 • AI score 4.3 • EPSS 0.00766
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2019/07/26 12:00 a.m. • 28 views

Bypass lock protection in Android app (NC-SA-2019-006)

If an attacker has physical access to an Android smartphone without a screen lock, but with Nextcloud installed and set up, they can easily access the Nextcloud files even if the Nextcloud app is locked with a fingerprint or PIN...

CVSS 3.6 • AI score 2.4 • EPSS 0.00469
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2018/06/21 12:00 a.m. • 28 views

Improper validation on OAuth2 token endpoint (NC-SA-2018-003)

Improper validation of input allowed an attacker with access to the OAuth2 refresh token to obtain new tokens...

CVSS 5.8 • AI score 3.9 • EPSS 0.01657
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2018/06/21 12:00 a.m. • 28 views

Stored XSS in calendar via group shares (NC-SA-2018-004)

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins...

CVSS 3.5 • AI score 4.1 • EPSS 0.00609
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2017/05/08 12:00 a.m. • 28 views

Share tokens for public calendars disclosed (NC-SA-2017-011)

A logical error caused disclosure of valid share tokens for public calendars, thus potentially granting an attacker access to publicly shared calendars without knowing the share token...

CVSS 4.3 • AI score 3.4 • EPSS 0.01169
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2017/02/05 12:00 a.m. • 28 views

Error message discloses existence of file in write-only share (NC-SA-2017-003)

Due to an error in the application logic, an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages...

CVSS 4 • AI score 2.3 • EPSS 0.00899
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2016/07/19 12:00 a.m. • 28 views

Content-Spoofing in "files" app (NC-SA-2016-003)

The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user...

CVSS 5 • AI score 2.7 • EPSS 0.01681
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2024/01/18 8:37 a.m. • 27 views

Self XSS when sending HTML as a comment in the Deck app

CVSS 5.4 • AI score 5.5 • EPSS 0.00505
Exploits: 1 • References: 2 • Affected Software: 1
Nextcloud • Added 2023/03/31 7:44 a.m. • 27 views

User without download rights can download older version of that file

CVSS 6.5 • AI score 6.3 • EPSS 0.0062
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2022/08/08 6:56 a.m. • 27 views

Missing rate limit when trying to join a password protected Nextcloud Talk conversation

CVSS 5.3 • AI score 5.5 • EPSS 0.0105
Exploits: 0 • References: 2 • Affected Software: 1
Nextcloud • Added 2021/06/01 6:04 p.m. • 27 views

Default Nextcloud Server and Android Client leak sharee searches to Nextcloud

CVSS 6.5 • AI score 6.4 • EPSS 0.01373
Exploits: 1 • References: 1 • Affected Software: 1
Nextcloud • Added 2020/07/16 12:00 a.m. • 27 views

Re-Sharing allows increase of privileges (NC-SA-2020-029)

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves...

CVSS 3.5 • AI score 4.2 • EPSS 0.0145
Exploits: 1 • Affected Software: 1
Nextcloud • Added 2019/10/25 12:00 a.m. • 27 views

Duplicate setup of second factor allowed (NC-SA-2020-006)

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to log in...

CVSS 5.5 • AI score 2.8 • EPSS 0.00607
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2019/09/04 12:00 a.m. • 27 views

Missing default timeout on HTTP requests (NC-SA-2020-005)

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long...

CVSS 4 • AI score 1.7 • EPSS 0.00765
Exploits: 0 • Affected Software: 1
Nextcloud • Added 2019/07/29 12:00 a.m. • 27 views

Improper neutralization of item names in projects feature (NC-SA-2020-010)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5 • AI score 3.7 • EPSS 0.0084
Exploits: 0 • Affected Software: 1
Total number of security vulnerabilities: 384