384 matches found
Reflected XSS when renaming malicious file (NC-SA-2021-005)
Missing sanitization in Nextcloud Server 20.0.5 and prior allowed to perform a reflected XSS when saving html as file name and causing an error on rename e.g. by renaming to an existing file. The risk is mostly mitigated due to the strict Content-Security-Policy CSP of Nextcloud, and thus mainly...
Access control missing while viewing the attachments in the 'All boards' (NC-SA-2020-036)
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)
Missing state would not enforce the use of a second factor at login if the the provider of the second factor failed to load...
Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)
Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder.Note that this only affects folders and files that the adversary has at least read-only permissions for...
Code injection in Nextcloud Desktop Client for macOS
None...
Can download "view-only" files with the Files ZIP app
None...
Workflows do not require password confirmation on API level
None...
Users can delete external storage mount points
None...
Messages can still be seen on conversation after expiring when cron is misconfigured
None...
Missing length validation of user displayname allows to generate an SQL error
None...
Nextcloud Server shipped insecure Archive_Tar version
None...
Default Nextcloud Server and iOS Client leak sharee searches to Nextcloud
None...
Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...
2FA sessions not properly expired on password change (NC-SA-2020-001)
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset...
Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)
The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...
Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares
None...
Missing permission check when removing a photo from an album
None...
Calendar app returns full stacktrace when an error happens while editing appointment
None...
nextcloudcmd incorrectly trusts bad TLS certificates
None...
Malicious Android application can crash the Nextcloud Android Client
None...
End to end encryption folder locking is not properly protected
None...
Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)
A missing input validation in Nextcloud Server 20.0.1 allowed users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file...
Increase random used for encryption (NC-SA-2020-023)
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended...
Missing sanitization in iOS App allows XSS (NC-SA-2020-003)
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...
Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)
Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries...
Insecure temporary file creation, race with write access and permission
None...
App PIN code can be bypassed in Files iOS
None...
XSS in Desktop Client via user status and information
None...
Ratelimit not applied on OCS API responses
None...
XSS through image upload of contacts using svg file (NC-SA-2020-045)
A missing file type check in Nextcloud Contacts 3.3.0 allowed a malicious user to upload malicious SVG files to perform XSS attacks...
User IDs and Nextcloud server leaked to Nextcloud Lookup server with disabled settings (NC-SA-2019-016)
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
Improper share updates could result in extended data access (NC-SA-2019-003)
A bug could expose more data in reshared link shares than intended by the sharer...
Reflected XSS in error pages (NC-SA-2017-008)
Inadequate escaping of error messages leads to XSS vulnerabilities in multiple components.Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers...
Server-Side Request Forgery (SSRF) in Mail app
None...
Federated share accepting/declining is not logged in audit log
None...
Sensitive data may not be removed from storage on account removal
None...
Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...
Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)
A missing access control check in Nextcloud Server 18.0.0 causes hide-download shares to be downloadable when appending /download to the URL...
Improper validation of permissions (NC-SA-2018-010)
Improper revalidation of permissions lead to not accepting access restrictions by acess tokens...
Improper validation on OAuth2 token endpoint (NC-SA-2018-003)
Improper validation of input allowed an attacker with access to the OAuth2 refresh token to obtain new tokens...
Content-Spoofing in "files" app (NC-SA-2017-006)
The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...
Reflected XSS in Gallery application (NC-SA-2016-009)
The gallery app was not properly sanitizing exception messages from the Nextcloud server. Due to an endpoint where an attacker could influence the error message this lead to a reflected Cross-Site-Scripting vulnerability...
Missing password confirmation when changing external storage options
None...
Event create can create attachments that link to other websites
None...
Users can set up workflows using restricted and invisible system tags
None...
Full path of data directory exposed to users
None...
Linux client is vulnerable to directory traversal when downloading files (NC-SA-2020-032)
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...
Clear text storage of proxy parameters and passwords (NC-SA-2020-031)
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...