Server-Side Request Forgery (SSRF) in Mail app
Admins can change authentication details of user configured external storage
Require strict cookies for image proxy requests
Inviting excessively long email addresses to a calendar event makes the server unresponsive
OAuth2 client_secret stored in plain text in the database
Password of Talk conversations can be brute-forced
Rate limiter not working reliably when Memcached is installed
Improper restriction of excessive authentication attempts on WebDAV endpoint
Missing password confirmation when creating app passwords
Existence of calendars and address books can be checked by unauthenticated users
Users can delete external storage mount points
Text does not respect "Allow download" permissions
Missing brute force protection on OAuth2 API controller
Path traversal allows tricking the Talk Android app into writing files into its root directory
Notes attachments render HTML in preview mode
user_oidc app stores client secret unencrypted in database
Issuer not verified from obtained token in user_oidc
Advanced permissions not respected when copying entire group folders
User scoped external storage can be used to gather credentials of other users
System address books can be modified by malicious trusted server
Password reset endpoint is not brute force protected
Open redirect on "Unsupported browser" warning
Brute force protection allows sending more requests than intended
End-to-end encrypted file drops can be made inaccessible
Blind SSRF in the Mail app on avatar endpoint
Error in Calendar when booking an appointment reveals the full path of the website
Contacts - PHOTO SVG only sanitized if MIME type is all lower case
Basic auth header on WebDAV requests is not brute-force protected
User session not correctly destroyed on logout
user_oidc app is missing brute force protection
Missing brute force protection for passwords of password protected share links
Chat poll data can still be queried from API after purging history of a chat conversation
Users can set up workflows using restricted and invisible system tags
CSRF protection on user_oidc login returned the expected token in case of an error
Desktop clients misbehave with end-to-end encryption when the server returns an empty list of metadata keys
Initialization vector reuse in end-to-end encryption allows a malicious server admin to break, manipulate and access files
Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
Desktop client does not verify received signed certificate in end-to-end encryption
Full path of data directory exposed to users
Secure view can be bypassed by using internal API endpoint
User without download rights can download older version of that file
Chat room membership disclosed via autocompletion when not a member yourself
Ability to control the filename when uploading a logo or favicon as admin in the theming settings
Insecure randomness for default password in file sharing when password policy app is disabled
Scope of workflow operations is not validated
App pin of the iOS app can be bypassed
App pin of the Android app can be bypassed via third-party apps generating deep links
Reference fetch can saturate the server bandwidth for 10 seconds
Potential share collision for recipients when caching is enabled
Missing brute force protection on password reset token