384 matches found
Missing permission check on resharing a board (NC-SA-2020-025)
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...
Server-Side request forgery in New-Subscription feature of the calendar app (NC-SA-2019-014)
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...
Stored XSS in contacts via group shares (NC-SA-2018-005)
A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins...
Limitation of app specific password scope can be bypassed (NC-SA-2017-009)
Improper session handling allowed an application specific password without permission to the files access to the users file...
Missing character limitation allows to put generate a database error
None...
Calendar name length not validated before writing to database
None...
XSS in Desktop Client in call notification popup
None...
Arbitrary code execution in desktop client via OpenSSL config (NC-SA-2020-030)
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory...
Improper neutralization of item names in projects feature (NC-SA-2020-008)
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...
Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)
A missing check revealed the name of confidential events and private events to all users of a shared calendar...
Calendar and addressbook names disclosed (NC-SA-2017-012)
A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and adressbook has been disclosed...
Content-Spoofing in "files" app (NC-SA-2016-003)
The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user...
Guests can continue to receive video streams from call after being removed from a conversation
None...
Lack of ratelimit on public share link mount endpoint
None...
Default Nextcloud Server and Android Client leak sharee searches to Nextcloud
None...
Improper integrity protection of server-side encryption keys (NC-SA-2020-041)
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
Re-Sharing allows increase of privileges (NC-SA-2020-029)
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves...
Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...
Reflected XSS in svg logo generation (NC-SA-2019-018)
A reflected Cross-Site Scripting vunerability was discovered in the svg generation...
Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)
Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature...
Bypass lock protection in Android app (NC-SA-2019-006)
If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin...
Stored XSS in calendar via group shares (NC-SA-2018-004)
A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins...
Share tokens for public calendars disclosed (NC-SA-2017-011)
A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token...
Denial of Service attack (NC-SA-2017-004)
Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service...
Error message discloses existence of file in write-only share (NC-SA-2017-003)
Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages...
Stored XSS in "gallery" application (NC-SA-2016-001)
Due to a recent migration of the Gallery app to the new sharing endpoint a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack.To exploit this vulnerability an authenticated attacker has to share a...
user_oidc app stores client secret unencrypted in database
None...
New users can read all Nextcloud Deck data from previous user with same username (NC-SA-2021-007)
A logic error in Nextcloud Deck 1.0.1 allowed new users with a duplicate user identifier to use deck data of a previous deleted user...
File-drop content is visible through the gallery app (NC-SA-2019-012)
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...
Improper access control checks for share expiration date (NC-SA-2019-002)
A missing check could give recipient the possibility to extend the expiration date of a share they received...
Session fixation on public share page (NC-SA-2018-013)
A bug causing session fixation could potentially allow an attacker to obtain access to password protected shares...
File access control rules not applied to image previews (NC-SA-2018-002)
A missing check for read permissions allowed users that received an incomming share containing files tagged so they should be denied access to still request a preview for those files...
Stored XSS in Gallery application (NC-SA-2017-010)
A JavaScript library used by Nextcloud for sanitizing untrusted user-input suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2.Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers...
Permission increase on re-sharing via OCS API (NC-SA-2017-001)
A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set.Note that this only affects folders and files that th...
Can access comments and attachments of deleted cards
None...
Improper handling of request URLs in Guests app allows guest users to bypass app allowlist
None...
Lack of ratelimit on shareinfo endpoint
None...
Duplicate setup of second factor allowed (NC-SA-2020-006)
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login...
Missing default timeout on HTTP requests (NC-SA-2020-005)
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long...
Improper neutralization of item names in projects feature (NC-SA-2020-010)
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...
Improper sanitization of HTML in directory names (NC-SA-2019-009)
Some basic HTML tags were rendered as Markup in directory names...
Bypass lock protection in Android app (NC-SA-2019-008)
If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time...
Content-Spoofing in "files" app (NC-SA-2016-010)
The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user...
Calendar attachments of local files are offered to downloaded
None...
Memory Leak in OCUtil.dll library in Desktop client can lead to DoS (NC-SA-2020-034)
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system...
Missing memory corruption protection on Windows release built (NC-SA-2020-035)
Missing ASLR and DEP protections in Nextcloud Desktop Client 2.6.4 for windows allowed to corrupt memory...
Possible denial of service when entering a long password (NC-SA-2020-028)
Improper check of inputs in Preferred providers app 1.6.0 allowed to perform a denial of service attack when using a very long password...
Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle...
Reflected XSS in redirect of the Updater (NC-SA-2020-007)
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...
Improper authentication on public shares (NC-SA-2018-012)
A missing access check could lead to continued access to password protected link shares when the owner had changed the password...