Richdocuments@* Security Vulnerabilities and Issues — Richdocuments@* CVE List

Lucene search

NextcloudRichdocuments*

4 matches found

CVE•added 2021/07/27 9:15 p.m.•66 views

CVE-2021-32748

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

4.3CVSS4.6AI score0.00226EPSS

CVE•added 2021/09/07 9:15 p.m.•57 views

CVE-2021-37628

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...

7.5CVSS7.4AI score0.00401EPSS

CVE•added 2021/10/25 10:15 p.m.•40 views

CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file shared.t...

5.3CVSS5AI score0.0035EPSS

CVE•added 2021/09/07 9:15 p.m.•39 views

CVE-2021-37629

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upg...

5.3CVSS5.1AI score0.00384EPSS