6 matches found
CVE-2023-25150
CVE-2023-25150 corresponds to an access control flaw in Nextcloud Office (Collabora Integration): the Collabora integration can be tricked into providing access to other users’ files without proper permission validation. Affected are Nextcloud Office/Collabora Integration versions prior to 7.0.2 ...
CVE-2022-31024
The CVE-2022-31024 issue affects Nextcloud richdocuments (Collabora) where federated shares can cause a user to edit against a remote Office by default (iframe-based exploitation). Root cause: federation setup allows instructing a user’s editing session to target a different server. Affected vers...
CVE-2021-32748
The CVE-2021-32748 issue affects Nextcloud Richdocuments, where WOPI API calls between Richdocuments and Collabora Editor lacked credentials/IP-based access checks. This allowed bypassing watermarks/download protections configured via File Access Control, though it did not grant access to data un...
CVE-2021-37628
CVE-2021-37628 affects Nextcloud Richdocuments, an open-source collaborative office suite, where the File Drop feature (Upload Only public link shares) can be bypassed via the Richdocuments app. An attacker could read arbitrary files in such a share, indicating a serious information-disclosur...
CVE-2021-37629
CVE-2021-37629 affects Nextcloud Richdocuments. The vulnerability arises from a lack of rate limiting on the Richdocuments OCS endpoint, enabling enumeration of potentially valid share tokens in affected versions. Upgrading the Richdocuments app to 3.8.4 or 4.2.1 resolves the issue; for users who...
CVE-2021-39223
The CVE affects Nextcloud Richdocuments prior to versions 3.8.6 and 4.2.3. The vulnerability causes the application to return verbatim exception messages to users, enabling full path disclosure of shared files (e.g., revealing /files/$username/Myfolder/Mysubfolder/shared.txt). Root cause is infor...