384 matches found
Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)
The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files...
Bypass of second factor authentication on DAV endpoints by reusing a pre-2FA session ID
None...
Deck app allows to spoof file extensions by using RTLO characters
None...
Admins can change authentication details of user configured external storage
None...
End-to-end encryption device setup did not verify public key
None...
Improper access control to messages of Social app (NC-SA-2020-042)
Improper access control in Social app 0.3.1 allowed to read posts of any user...
Limit contacts photo uploading to images (NC-SA-2020-024)
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars...
SSRF protection bypass in calendar subscriptions (NC-SA-2020-014)
A missing check for IPv4 nested inside IPv6 in Nextcloud server 17.0.1 allowed a SSRF when subscribing to a malicious calendar URL...
Thumbnails of files leaked via Android content provider (NC-SA-2019-007)
If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin...
Renaming an item to a protected hidden folder deletes the target (NC-SA-2020-017)
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name...
Improper access control checks for single share previews (NC-SA-2018-014)
A missing check could give unauthorized access to the previews of single file password protected shares...
Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)
A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Bypassing quota limitation (NC-SA-2017-005)
Due to not properly sanitzing values provided by the OC-Total-Length HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator...
Content-Spoofing in "dav" app (NC-SA-2016-011)
The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information...
Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
None...
Tables app allowed users to view columns metadata information of any table
None...
Social App does not validate server certificates for outgoing connections (NC-SA-2020-043)
Missing validation of server certificates for out-going connections allowed a man-in-the-middle attack...
Improper neutralization of item names in projects feature (NC-SA-2020-009)
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...
Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event...
Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)
A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
App password scope can be changed for other users (NC-SA-2018-001)
A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user...
DOM XSS vulnerability in search dialogue (NC-SA-2017-007)
Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue...
Stored XSS in CardDAV image export (NC-SA-2016-008)
The CardDAV image export functionality as implemented in Nextcloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.Note: Nextcloud employs a very strict Content Security...
Link reference provider can be tricked into downloading bigger files than intended
None...
Improper access control allows injecting tasks into other users decks (NC-SA-2020-022)
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks...
Bypass lock protection in Android app (NC-SA-2019-004)
Creating a fake multi-account and aborting the process would redirect the user to the default account of the device without asking for the lock pattern if one was set up...
Improper authorization check on removing shares (NC-SA-2016-007)
The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation did simply unshare the file to all users in...
Shares are not removed when user is limited to share with in their groups and being removed from one of them
None...
Remote code execution in Nextcloud Flow via vulnerable Windmill version
None...
Desktop client created folders with world-readable and world-writable permissions on Linux
None...
Share information of Tables app is not limited to affected users
None...
Improper check for access to application database (NC-SA-2018-015)
A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement...
PIN bypass in PassCodeActivity via back button
None...
Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty
None...
Open redirection when logging in with User OIDC
None...
Valid share tokens allow to access tempory upload files of share owner
None...
User can copy folder that contain files that are blocked by the files access control
None...
Bypass lock protection in Android app (NC-SA-2020-004)
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past...
Bypass of 2 Factor Authentication (NC-SA-2018-007)
Improper authentication of the second factor challenge would allow an attacker that had access to user credentials to bypass the second factor validation completely...
Information Disclosure of view filter metadata via Broken Sensitive Data Masking in ViewService
None...
Calendar app allowed booking appointments without the generated token
None...
Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table Views
None...
Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
None...
Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
None...
Logged-in user bypasses share password and download restrictions on Text attachments via documentId
None...
Tables app allowed to include local file via PhpSpreadsheet when importing a table
None...
Authorization Bypass Through User-Controlled Key in Tables
None...
SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
None...
Open Redirect in user_oidc login flow via protocol-relative URL bypass
None...
fileId parameter reveals workflow associations in Nextcloud Approval app
None...