CVE-2021-41178
CVE-2021-41178 describes a file traversal vulnerability in Nextcloud Server that allowed an attacker to download arbitrary SVG images from the host, including user-supplied files, prior to versions 20.0.13, 21.0.5, and 22.2.0. The XSS/phishing vector is mitigated by Nextcloud’s Content-Security-P...
CVE-2021-41179
CVE-2021-41179 – Two-Factor Authentication not enforced for public pages (Nextcloud Server). Affected: Nextcloud Server versions prior to 20.0.13, 21.0.5, and 22.2.0. Root cause: Two-Factor Authentication was not enforced for pages marked as public (e.g., @PublicPage), allowing access with an authe...