github.com/nextcloud/nextcloud.com.git
author: Morris Jobke <hey@morrisjobke.de> 2018-06-21 12:57:53 +0300
committer: Morris Jobke <hey@morrisjobke.de> 2018-06-21 12:57:53 +0300
commit: 246e29dc8eecb5dd472f06d508d9592214d71fc6
tree: a9c742a32393de29ba5fea16078a78db9981f5d1 /advisories
parent: 9add0a8b4a3ea374ed410becec412d084fa77c90
Provide new security advisories
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Diffstat (limited to 'advisories')
-rw-r--r-- advisories/advisories.rss | 72
-rw-r--r-- advisories/advisory-side.php | 2
-rw-r--r-- advisories/desktop-list-part.php | 0
-rw-r--r-- advisories/full-list.php | 131
-rw-r--r-- advisories/mobile-list-part.php | 0
-rw-r--r-- advisories/nc-sa-2016-001.php | 5
-rw-r--r-- advisories/nc-sa-2016-002.php | 5
-rw-r--r-- advisories/nc-sa-2016-003.php | 5
-rw-r--r-- advisories/nc-sa-2016-004.php | 5
-rw-r--r-- advisories/nc-sa-2016-005.php | 5
-rw-r--r-- advisories/nc-sa-2016-006.php | 5
-rw-r--r-- advisories/nc-sa-2016-007.php | 5
-rw-r--r-- advisories/nc-sa-2016-008.php | 5
-rw-r--r-- advisories/nc-sa-2016-009.php | 5
-rw-r--r-- advisories/nc-sa-2016-010.php | 5
-rw-r--r-- advisories/nc-sa-2016-011.php | 5
-rw-r--r-- advisories/nc-sa-2017-001.php | 5
-rw-r--r-- advisories/nc-sa-2017-002.php | 5
-rw-r--r-- advisories/nc-sa-2017-003.php | 5
-rw-r--r-- advisories/nc-sa-2017-004.php | 5
-rw-r--r-- advisories/nc-sa-2017-005.php | 5
-rw-r--r-- advisories/nc-sa-2017-006.php | 5
-rw-r--r-- advisories/nc-sa-2017-007.php | 5
-rw-r--r-- advisories/nc-sa-2017-008.php | 5
-rw-r--r-- advisories/nc-sa-2017-009.php | 5
-rw-r--r-- advisories/nc-sa-2017-010.php | 5
-rw-r--r-- advisories/nc-sa-2017-011.php | 5
-rw-r--r-- advisories/nc-sa-2017-012.php | 5
-rw-r--r-- advisories/nc-sa-2018-001.php | 5
-rw-r--r-- advisories/nc-sa-2018-002.php | 35
-rw-r--r-- advisories/nc-sa-2018-003.php | 35
-rw-r--r-- advisories/nc-sa-2018-004.php | 35
-rw-r--r-- advisories/nc-sa-2018-005.php | 34
-rw-r--r-- advisories/server-list-part.php | 53
34 files changed, 342 insertions, 175 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss
index f6ed964a..03d9cfc9 100644
--- a/advisories/advisories.rss
+++ b/advisories/advisories.rss
@@ -5,145 +5,169 @@
<link>https://nextcloud.com/security/advisories/</link>
<description>The Nextcloud security advisories as a RSS feed</description>
<ttl>1800</ttl><item>
- <title>Server: App password scope can be changed for other users (nC-SA-2018-001)</title>
+ <title>Contacts App: Stored XSS in contacts via group shares (NC-SA-2018-005)</title>
+ <description>&lt;p&gt;A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-005</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-005</guid>
+ <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Calendar App: Stored XSS in calendar via group shares (NC-SA-2018-004)</title>
+ <description>&lt;p&gt;A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-004</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-004</guid>
+ <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</title>
+ <description>&lt;p&gt;Improper validation of input allowed an attacker with access to the OAuth2 refresh token to obtain new tokens.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-003</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-003</guid>
+ <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: File access control rules not applied to image previews (NC-SA-2018-002)</title>
+ <description>&lt;p&gt;A missing check for read permissions allowed users that received an incomming share containing files tagged so they should be denied access to still request a preview for those files.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-002</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-002</guid>
+ <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: App password scope can be changed for other users (NC-SA-2018-001)</title>
<description>&lt;p&gt;A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-001</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-001</guid>
<pubDate>Wed, 07 Feb 2018 01:00:00 +0100</pubDate>
</item><item>
- <title>Server: Calendar and addressbook names disclosed (nC-SA-2017-012)</title>
+ <title>Server: Calendar and addressbook names disclosed (NC-SA-2017-012)</title>
<description>&lt;p&gt;A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and adressbook has been disclosed.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-012&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-012</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-012</guid>
<pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
</item><item>
- <title>Server: Share tokens for public calendars disclosed (nC-SA-2017-011)</title>
+ <title>Server: Share tokens for public calendars disclosed (NC-SA-2017-011)</title>
<description>&lt;p&gt;A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-011</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-011</guid>
<pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
</item><item>
- <title>Server: Stored XSS in Gallery application (nC-SA-2017-010)</title>
+ <title>Server: Stored XSS in Gallery application (NC-SA-2017-010)</title>
<description>&lt;p&gt;A JavaScript library used by Nextcloud for sanitizing untrusted user-input suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2.&lt;/p&gt;&lt;p&gt;Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-010</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-010</guid>
<pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
</item><item>
- <title>Server: Limitation of app specific password scope can be bypassed (nC-SA-2017-009)</title>
+ <title>Server: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</title>
<description>&lt;p&gt;Improper session handling allowed an application specific password without permission to the files access to the users file.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-009</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-009</guid>
<pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
</item><item>
- <title>Server: Reflected XSS in error pages (nC-SA-2017-008)</title>
+ <title>Server: Reflected XSS in error pages (NC-SA-2017-008)</title>
<description>&lt;p&gt;Inadequate escaping of error messages leads to XSS vulnerabilities in multiple components.&lt;/p&gt;&lt;p&gt;Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-008</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-008</guid>
<pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
</item><item>
- <title>Server: DOM XSS vulnerability in search dialogue (nC-SA-2017-007)</title>
+ <title>Server: DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</title>
<description>&lt;p&gt;Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-007</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-007</guid>
<pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
</item><item>
- <title>Server: Content-Spoofing in &quot;files&quot; app (nC-SA-2017-006)</title>
+ <title>Server: Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</title>
<description>&lt;p&gt;The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-006</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-006</guid>
<pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
</item><item>
- <title>Server: Bypassing quota limitation (nC-SA-2017-005)</title>
+ <title>Server: Bypassing quota limitation (NC-SA-2017-005)</title>
<description>&lt;p&gt;Due to not properly sanitzing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-005</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-005</guid>
<pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
</item><item>
- <title>Server: Denial of Service attack (nC-SA-2017-004)</title>
+ <title>Server: Denial of Service attack (NC-SA-2017-004)</title>
<description>&lt;p&gt;Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-004</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-004</guid>
<pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
</item><item>
- <title>Server: Error message discloses existence of file in write-only share (nC-SA-2017-003)</title>
+ <title>Server: Error message discloses existence of file in write-only share (NC-SA-2017-003)</title>
<description>&lt;p&gt;Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-003</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-003</guid>
<pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
</item><item>
- <title>Server: Creation of folders in read-only folders despite lacking permissions (nC-SA-2017-002)</title>
+ <title>Server: Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</title>
<description>&lt;p&gt;Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder.&lt;/p&gt;&lt;p&gt;Note that this only affects folders and files that the adversary has at least read-only permissions for.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-002</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-002</guid>
<pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
</item><item>
- <title>Server: Permission increase on re-sharing via OCS API (nC-SA-2017-001)</title>
+ <title>Server: Permission increase on re-sharing via OCS API (NC-SA-2017-001)</title>
<description>&lt;p&gt;A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set.&lt;/p&gt;&lt;p&gt;Note that this only affects folders and files that the adversary has at least read-only permissions for.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-001</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-001</guid>
<pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
</item><item>
- <title>Server: Content-Spoofing in &quot;dav&quot; app (nC-SA-2016-011)</title>
+ <title>Server: Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</title>
<description>&lt;p&gt;The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-011</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-011</guid>
<pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
</item><item>
- <title>Server: Content-Spoofing in &quot;files&quot; app (nC-SA-2016-010)</title>
+ <title>Server: Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</title>
<description>&lt;p&gt;The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-010</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-010</guid>
<pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
</item><item>
- <title>Server: Reflected XSS in Gallery application (nC-SA-2016-009)</title>
+ <title>Server: Reflected XSS in Gallery application (NC-SA-2016-009)</title>
<description>&lt;p&gt;The gallery app was not properly sanitizing exception messages from the Nextcloud server. Due to an endpoint where an attacker could influence the error message this lead to a reflected Cross-Site-Scripting vulnerability.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-009</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-009</guid>
<pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
</item><item>
- <title>Server: Stored XSS in CardDAV image export (nC-SA-2016-008)</title>
+ <title>Server: Stored XSS in CardDAV image export (NC-SA-2016-008)</title>
<description>&lt;p&gt;The CardDAV image export functionality as implemented in Nextcloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.&lt;/p&gt;&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Nextcloud employs a very strict Content Security Policy on the DAV endpoints. This is thus only exploitable on browsers that don't support Content Security Policy.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-008</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-008</guid>
<pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
</item><item>
- <title>Server: Improper authorization check on removing shares (nC-SA-2016-007)</title>
+ <title>Server: Improper authorization check on removing shares (NC-SA-2016-007)</title>
<description>&lt;p&gt;The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation did simply unshare the file to all users in the group.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-007</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-007</guid>
<pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
</item><item>
- <title>Server: SMB User Authentication Bypass (nC-SA-2016-006)</title>
+ <title>Server: SMB User Authentication Bypass (NC-SA-2016-006)</title>
<description>&lt;p&gt;Nextcloud includes an optional and not by default enabled SMB authentication component that allows to authenticate users against an SMB server.&lt;/p&gt;&lt;p&gt;This backend is implemented in a way that it tries to connect to a SMB server and if that succeeded consider the user logged-in.&lt;/p&gt;&lt;p&gt;The backend did not properly take into account SMB servers that any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials.&lt;/p&gt;&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; The SMB backend is disabled by default and requires manual configuration in the Nextcloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.&lt;/p&gt;&lt;p&gt;&lt;em&gt;&lt;a href=&quot;https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/&quot;&gt;The reporter has published a blog post about this issue on their website as well.&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-006</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-006</guid>
<pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
</item><item>
- <title>Server: Read-only share recipient can restore old versions of file (nC-SA-2016-005)</title>
+ <title>Server: Read-only share recipient can restore old versions of file (NC-SA-2016-005)</title>
<description>&lt;p&gt;The restore capability of Nextcloud was not verifying whether an user has only read-only access to a share. Thus an user with read-only access was able to restore old versions.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-005</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-005</guid>
<pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
</item><item>
- <title>Server: Edit permission check not enforced on WebDAV COPY action (nC-SA-2016-004)</title>
+ <title>Server: Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</title>
<description>&lt;p&gt;The WebDAV endpoint was not properly checking the permission on a WebDAV &quot;COPY&quot; action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-004</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-004</guid>
<pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
</item><item>
- <title>Server: Content-Spoofing in &quot;files&quot; app (nC-SA-2016-003)</title>
+ <title>Server: Content-Spoofing in &quot;files&quot; app (NC-SA-2016-003)</title>
<description>&lt;p&gt;The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-003</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-003</guid>
<pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
</item><item>
- <title>Server: Log pollution can potentially lead to local HTML injection (nC-SA-2016-002)</title>
+ <title>Server: Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)</title>
<description>&lt;p&gt;The &quot;download log&quot; functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as HTML document. Thus any injected data in the log would be executed.&lt;/p&gt;&lt;p&gt;While the document would only be executed locally (thus on another scope) we have decided to fix this to protect our users.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-002</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-002</guid>
<pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
</item><item>
- <title>Server: Stored XSS in &quot;gallery&quot; application (nC-SA-2016-001)</title>
+ <title>Server: Stored XSS in &quot;gallery&quot; application (NC-SA-2016-001)</title>
<description>&lt;p&gt;Due to a recent migration of the Gallery app to the new sharing endpoint a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack.&lt;/p&gt;&lt;p&gt;To exploit this vulnerability an authenticated attacker has to share a folder with someone else, get them to open the shared folder in the Gallery app and open the sharing window there.&lt;/p&gt;&lt;p&gt;Since Nextcloud employes a strict Content-Security-Policy this vulnerability is only exploitable in browsers not supporting Content-Security-Policy. You can check at &lt;a href=&quot;http://caniuse.com/#feat=contentsecuritypolicy&quot;&gt;caniuse.com&lt;/a&gt; whether your browser supports CSP.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-001</link>
<guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-001</guid>
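Review bot: The advisory id is spelled inconsistently in the items this hunk adds: the new `<title>` lines read `NC-SA-2018-005`, while the added `<link>`, `<guid>` and the href inside `<description>` for the same item use `?id=nC-SA-2018-005`. Elsewhere in this commit, full-list.php links with `?id=NC-SA-2018-003` and the removed advisory-side.php used `?id=nc-sa-2018-001`, so three casings of the `id` parameter are in play. Pick one casing for newly added links and confirm the advisory page resolves ids case-insensitively, otherwise some of these links will not resolve. Leaving the `<guid>` values of the existing items unchanged is the right call, since changing them would make feed readers present old advisories as new. Separately, the added description for NC-SA-2018-002 contains the typo "incomming".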
diff --git a/advisories/advisory-side.php b/advisories/advisory-side.php
deleted file mode 100644
index 6ec142d8..00000000
--- a/advisories/advisory-side.php
+++ /dev/null
@@ -1,2 +0,0 @@
-<br/><p>Nextcloud server 12.0.5</p>
-<a href="/security/advisory/?id=nc-sa-2018-001">App password scope can be changed for other users</a><br/>
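Review bot: Nothing in the visible part of this patch updates whatever includes advisory-side.php, and the diffstat only covers advisories/, so it cannot show whether a template elsewhere still references it. Before merging, search the site templates for `advisory-side.php`, `desktop-list-part.php` and `mobile-list-part.php` and confirm each include is removed or repointed to the new full-list.php or server-list-part.php, so the security pages do not fail on a missing file. The "Nextcloud server 12.0.5" entry removed here does reappear in full-list.php, so the advisory itself is not lost from the listing.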
diff --git a/advisories/desktop-list-part.php b/advisories/desktop-list-part.php
deleted file mode 100644
index e69de29b..00000000
--- a/advisories/desktop-list-part.php
+++ /dev/null
diff --git a/advisories/full-list.php b/advisories/full-list.php
new file mode 100644
index 00000000..3dcd58cc
--- /dev/null
+++ b/advisories/full-list.php
@@ -0,0 +1,131 @@
+<hr>
+
+<h2>2018</h2>
+
+<h3>Nextcloud Server 13.0.3</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li>
+ <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li>
+</ul>
+
+<h3>Nextcloud Server 12.0.8</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li>
+ <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li>
+</ul>
+
+<h3>Calendar App 1.6.1</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2018-004">Stored XSS in calendar via group shares (NC-SA-2018-004)</a> 2018-06-21</li>
+</ul>
+
+<h3>Calendar App 1.5.8</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2018-004">Stored XSS in calendar via group shares (NC-SA-2018-004)</a> 2018-06-21</li>
+</ul>
+
+<h3>Contacts App 2.1.2</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2018-005">Stored XSS in contacts via group shares (NC-SA-2018-005)</a> 2018-06-21</li>
+</ul>
+
+<h3>Nextcloud Server 12.0.5</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2018-001">App password scope can be changed for other users (NC-SA-2018-001)</a> 2018-02-07</li>
+</ul>
+
+<h3>Nextcloud Server 11.0.7</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2018-001">App password scope can be changed for other users (NC-SA-2018-001)</a> 2018-02-07</li>
+</ul>
+
+<hr>
+
+<h2>2017</h2>
+
+<h3>Nextcloud Server 11.0.3</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2017-009">Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</a> 2017-05-08</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-007">DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</a> 2017-05-08</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-011">Share tokens for public calendars disclosed (NC-SA-2017-011)</a> 2017-05-08</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
+</ul>
+
+<h3>Nextcloud Server 10.0.5</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
+</ul>
+
+<h3>Nextcloud Server 9.0.58</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
+</ul>
+
+<h3>Nextcloud Server 11.0.2</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2017-012">Calendar and addressbook names disclosed (NC-SA-2017-012)</a> 2017-05-08</li>
+</ul>
+
+<h3>Nextcloud Server 10.0.4</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2017-012">Calendar and addressbook names disclosed (NC-SA-2017-012)</a> 2017-05-08</li>
+</ul>
+
+<h3>Nextcloud Server 10.0.2</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li>
+</ul>
+
+<h3>Nextcloud Server 9.0.55</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</a> 2017-02-05</li>
+ <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li>
+</ul>
+
+<hr>
+
+<h2>2016</h2>
+
+<h3>Nextcloud Server 10.0.1</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2016-009">Reflected XSS in Gallery application (NC-SA-2016-009)</a> 2016-10-10</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-008">Stored XSS in CardDAV image export (NC-SA-2016-008)</a> 2016-10-10</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</a> 2016-10-10</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</a> 2016-10-10</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li>
+</ul>
+
+<h3>Nextcloud Server 9.0.54</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</a> 2016-10-10</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</a> 2016-10-10</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li>
+</ul>
+
+<h3>Nextcloud Server 10.0.0</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li>
+</ul>
+
+<h3>Nextcloud Server 9.0.52</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2016-003">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-003)</a> 2016-07-19</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-002">Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)</a> 2016-07-19</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-005">Read-only share recipient can restore old versions of file (NC-SA-2016-005)</a> 2016-07-19</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-004">Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</a> 2016-07-19</li>
+ <li><a href="/security/advisory/?id=NC-SA-2016-001">Stored XSS in &quot;gallery&quot; application (NC-SA-2016-001)</a> 2016-07-19</li>
+</ul>
+
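Review bot: The new list links advisories with upper-case ids (`?id=NC-SA-2018-002`), while the advisory files in this commit are named in lower case (`advisories/nc-sa-2018-002.php`) and the list being deleted in `server-list-part.php` linked with lower-case ids (`?id=nc-sa-2018-001`). If the handler behind `/security/advisory/` maps the id to a file name without normalising case, every link added here breaks on a case-sensitive filesystem. Either lower-case the ids in these hrefs or confirm the lookup normalises the parameter, and keep the old lower-case URLs working since they are already linked externally.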
diff --git a/advisories/mobile-list-part.php b/advisories/mobile-list-part.php
deleted file mode 100644
index e69de29b..00000000
--- a/advisories/mobile-list-part.php
+++ /dev/null
diff --git a/advisories/nc-sa-2016-001.php b/advisories/nc-sa-2016-001.php
index e14dfaec..fdd9fa13 100644
--- a/advisories/nc-sa-2016-001.php
+++ b/advisories/nc-sa-2016-001.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Stored XSS in "gallery" application (NC-SA-2016-001)</h2>
<p>19th July 2016</p>
<p>Risk level: <strong>Medium</strong></p>
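Review bot: This three-line layout change (drop the `col-md-4` sidebar block, widen `col-md-8` to `col-md-12`) is repeated verbatim in every advisory file touched by this commit, which suggests the row and column wrapper belongs in one shared template rather than in each advisory body. The `<div>` count stays balanced here, since one open and close pair plus one open is replaced by a single open, but the next layout change will again touch every advisory. Consider moving the wrapper out of the per-advisory files so they contain only the advisory content.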
diff --git a/advisories/nc-sa-2016-002.php b/advisories/nc-sa-2016-002.php
index 3b0fc7a7..b6147a8c 100644
--- a/advisories/nc-sa-2016-002.php
+++ b/advisories/nc-sa-2016-002.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)</h2>
<p>19th July 2016</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2016-003.php b/advisories/nc-sa-2016-003.php
index 2c11fda4..6c95317e 100644
--- a/advisories/nc-sa-2016-003.php
+++ b/advisories/nc-sa-2016-003.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Content-Spoofing in "files" app (NC-SA-2016-003)</h2>
<p>19th July 2016</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2016-004.php b/advisories/nc-sa-2016-004.php
index 68298a8e..71bb9680 100644
--- a/advisories/nc-sa-2016-004.php
+++ b/advisories/nc-sa-2016-004.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</h2>
<p>19th July 2016</p>
<p>Risk level: <strong>Medium</strong></p>
diff --git a/advisories/nc-sa-2016-005.php b/advisories/nc-sa-2016-005.php
index 93922962..69152f0f 100644
--- a/advisories/nc-sa-2016-005.php
+++ b/advisories/nc-sa-2016-005.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Read-only share recipient can restore old versions of file (NC-SA-2016-005)</h2>
<p>19th July 2016</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2016-006.php b/advisories/nc-sa-2016-006.php
index b39e5032..3bb5152b 100644
--- a/advisories/nc-sa-2016-006.php
+++ b/advisories/nc-sa-2016-006.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>SMB User Authentication Bypass (NC-SA-2016-006)</h2>
<p>10th October 2016</p>
<p>Risk level: <strong>High</strong></p>
diff --git a/advisories/nc-sa-2016-007.php b/advisories/nc-sa-2016-007.php
index 445f3a04..4899a5bd 100644
--- a/advisories/nc-sa-2016-007.php
+++ b/advisories/nc-sa-2016-007.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Improper authorization check on removing shares (NC-SA-2016-007)</h2>
<p>10th October 2016</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2016-008.php b/advisories/nc-sa-2016-008.php
index f2e37cc8..b59d8cf3 100644
--- a/advisories/nc-sa-2016-008.php
+++ b/advisories/nc-sa-2016-008.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Stored XSS in CardDAV image export (NC-SA-2016-008)</h2>
<p>10th October 2016</p>
<p>Risk level: <strong>Medium</strong></p>
diff --git a/advisories/nc-sa-2016-009.php b/advisories/nc-sa-2016-009.php
index 68810b93..8592fe45 100644
--- a/advisories/nc-sa-2016-009.php
+++ b/advisories/nc-sa-2016-009.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Reflected XSS in Gallery application (NC-SA-2016-009)</h2>
<p>10th October 2016</p>
<p>Risk level: <strong>Medium</strong></p>
diff --git a/advisories/nc-sa-2016-010.php b/advisories/nc-sa-2016-010.php
index bbfca3e4..1c7dfc50 100644
--- a/advisories/nc-sa-2016-010.php
+++ b/advisories/nc-sa-2016-010.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Content-Spoofing in "files" app (NC-SA-2016-010)</h2>
<p>10th October 2016</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2016-011.php b/advisories/nc-sa-2016-011.php
index 5aec3a39..c411b83f 100644
--- a/advisories/nc-sa-2016-011.php
+++ b/advisories/nc-sa-2016-011.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Content-Spoofing in "dav" app (NC-SA-2016-011)</h2>
<p>10th October 2016</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-001.php b/advisories/nc-sa-2017-001.php
index 70bd0109..33b422a5 100644
--- a/advisories/nc-sa-2017-001.php
+++ b/advisories/nc-sa-2017-001.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Permission increase on re-sharing via OCS API (NC-SA-2017-001)</h2>
<p>5th February 2017</p>
<p>Risk level: <strong>Medium</strong></p>
diff --git a/advisories/nc-sa-2017-002.php b/advisories/nc-sa-2017-002.php
index 731bcc2c..c19340ad 100644
--- a/advisories/nc-sa-2017-002.php
+++ b/advisories/nc-sa-2017-002.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</h2>
<p>5th February 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-003.php b/advisories/nc-sa-2017-003.php
index d2e9475b..ebe7f1d9 100644
--- a/advisories/nc-sa-2017-003.php
+++ b/advisories/nc-sa-2017-003.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Error message discloses existence of file in write-only share (NC-SA-2017-003)</h2>
<p>5th February 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-004.php b/advisories/nc-sa-2017-004.php
index b4766f3e..a653ebe3 100644
--- a/advisories/nc-sa-2017-004.php
+++ b/advisories/nc-sa-2017-004.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Denial of Service attack (NC-SA-2017-004)</h2>
<p>5th February 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-005.php b/advisories/nc-sa-2017-005.php
index f4f5c05c..85567514 100644
--- a/advisories/nc-sa-2017-005.php
+++ b/advisories/nc-sa-2017-005.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Bypassing quota limitation (NC-SA-2017-005)</h2>
<p>5th February 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-006.php b/advisories/nc-sa-2017-006.php
index d1ab25b3..af9b18d1 100644
--- a/advisories/nc-sa-2017-006.php
+++ b/advisories/nc-sa-2017-006.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Content-Spoofing in "files" app (NC-SA-2017-006)</h2>
<p>5th February 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-007.php b/advisories/nc-sa-2017-007.php
index 0ccaf69f..8f18d00d 100644
--- a/advisories/nc-sa-2017-007.php
+++ b/advisories/nc-sa-2017-007.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</h2>
<p>8th May 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-008.php b/advisories/nc-sa-2017-008.php
index 0638bcfa..baf40e7a 100644
--- a/advisories/nc-sa-2017-008.php
+++ b/advisories/nc-sa-2017-008.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Reflected XSS in error pages (NC-SA-2017-008)</h2>
<p>8th May 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-009.php b/advisories/nc-sa-2017-009.php
index 94081903..36470dca 100644
--- a/advisories/nc-sa-2017-009.php
+++ b/advisories/nc-sa-2017-009.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</h2>
<p>8th May 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-010.php b/advisories/nc-sa-2017-010.php
index 4934ec97..724ded84 100644
--- a/advisories/nc-sa-2017-010.php
+++ b/advisories/nc-sa-2017-010.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Stored XSS in Gallery application (NC-SA-2017-010)</h2>
<p>8th May 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2017-011.php b/advisories/nc-sa-2017-011.php
index cc5b08dc..66adc256 100644
--- a/advisories/nc-sa-2017-011.php
+++ b/advisories/nc-sa-2017-011.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Share tokens for public calendars disclosed (NC-SA-2017-011)</h2>
<p>8th May 2017</p>
<p>Risk level: <strong>Medium</strong></p>
diff --git a/advisories/nc-sa-2017-012.php b/advisories/nc-sa-2017-012.php
index 963583e7..304d466c 100644
--- a/advisories/nc-sa-2017-012.php
+++ b/advisories/nc-sa-2017-012.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>Calendar and addressbook names disclosed (NC-SA-2017-012)</h2>
<p>8th May 2017</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2018-001.php b/advisories/nc-sa-2018-001.php
index fbc4001e..641d3714 100644
--- a/advisories/nc-sa-2018-001.php
+++ b/advisories/nc-sa-2018-001.php
@@ -5,10 +5,7 @@
</div>
</div>
<div class="row">
- <div class="col-md-4">
- <?php get_template_part('advisories/advisory-side'); ?>
- </div>
- <div class="col-md-8">
+ <div class="col-md-12">
<h2>App password scope can be changed for other users (NC-SA-2018-001)</h2>
<p>7th February 2018</p>
<p>Risk level: <strong>Low</strong></p>
diff --git a/advisories/nc-sa-2018-002.php b/advisories/nc-sa-2018-002.php
new file mode 100644
index 00000000..f30e06a1
--- /dev/null
+++ b/advisories/nc-sa-2018-002.php
@@ -0,0 +1,35 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-12">
+ <h2>File access control rules not applied to image previews (NC-SA-2018-002)</h2>
+ <p>21st June 2018</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3.5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/273.html">Improper Check for Dropped Privileges (CWE-273)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/358339">358339</a></p>
+ <h3>Description</h3>
+ <p><p>A missing check for read permissions allowed users that received an incomming share containing files tagged so they should be denied access to still request a preview for those files.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>13.0.3</strong> (CVE-2018-3762)</li>
+<li>Nextcloud Server &lt; <strong>12.0.8</strong> (CVE-2018-3762)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The error has been fixed and regression tests been added.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>Reinis Martinsons (reinis.martinsons@gmail.com) - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
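Review bot: The Description and Action Taken bodies nest one paragraph inside another (`<p><p>A missing check ...</p>` followed by a stray `</p>` on the next line), which is invalid HTML; browsers close the outer `<p>` implicitly and leave an empty paragraph behind. Emit a single `<p>` in both places. In the same text, "incomming" should be "incoming" and "regression tests been added" is missing "have", and the second `<li>` under Affected Software has lost its indentation. The CWE-273 label (dropped privileges) also sits oddly beside a description of a missing read-permission check; CWE-862 (Missing Authorization) may describe it better.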
diff --git a/advisories/nc-sa-2018-003.php b/advisories/nc-sa-2018-003.php
new file mode 100644
index 00000000..fe4470d1
--- /dev/null
+++ b/advisories/nc-sa-2018-003.php
@@ -0,0 +1,35 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-12">
+ <h2>Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</h2>
+ <p>21st June 2018</p>
+ <p>Risk level: <strong>Medium</strong></p>
+ <p>CVSS v3 Base Score: 6.4 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N">AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/20.html">Improper Input Validation (CWE-20)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/343111">343111</a></p>
+ <h3>Description</h3>
+ <p><p>Improper validation of input allowed an attacker with access to the OAuth2 refresh token to obtain new tokens.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>13.0.3</strong> (CVE-2018-3761)</li>
+<li>Nextcloud Server &lt; <strong>12.0.8</strong> (CVE-2018-3761)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The error has been fixed according to RFC6749.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>Mikael Karlsson - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
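Review bot: The Description paragraph does not tell the reader what was wrong: "an attacker with access to the OAuth2 refresh token" obtaining new tokens is the normal purpose of a refresh token, so nobody can judge from this text which check was missing or whether their deployment was exposed. State which input to the token endpoint was not validated, and in Action Taken name the RFC 6749 requirement that is now enforced instead of only "according to RFC6749". That detail would also make the PR:L and UI:R choices in the CVSS vector easier to assess.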
diff --git a/advisories/nc-sa-2018-004.php b/advisories/nc-sa-2018-004.php
new file mode 100644
index 00000000..c7705f35
--- /dev/null
+++ b/advisories/nc-sa-2018-004.php
@@ -0,0 +1,35 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-12">
+ <h2>Stored XSS in calendar via group shares (NC-SA-2018-004)</h2>
+ <p>21st June 2018</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3.5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N">AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p>
+
+ <h3>Description</h3>
+ <p><p>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Calendar &lt; <strong>1.6.1</strong> (CVE-2018-3763)</li>
+<li>Nextcloud Calendar &lt; <strong>1.5.8</strong> (CVE-2018-3763)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The error has been fixed.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>An anonymous hacker - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
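Review bot: The two Affected Software entries, `Nextcloud Calendar < 1.6.1` and `Nextcloud Calendar < 1.5.8`, overlap as written: a user on the fixed 1.5.8 release still matches the first line and will read their install as vulnerable. Bound each range to its release branch, for example by stating the lower end of the 1.6 range, so that automated matching and human readers reach the same answer. The same pattern appears in the server advisories added in this commit.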
diff --git a/advisories/nc-sa-2018-005.php b/advisories/nc-sa-2018-005.php
new file mode 100644
index 00000000..468427f4
--- /dev/null
+++ b/advisories/nc-sa-2018-005.php
@@ -0,0 +1,34 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-12">
+ <h2>Stored XSS in contacts via group shares (NC-SA-2018-005)</h2>
+ <p>21st June 2018</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3.5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N">AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p>
+
+ <h3>Description</h3>
+ <p><p>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Contacts &lt; <strong>2.1.2</strong> (CVE-2018-3764)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The error has been fixed.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>An anonymous hacker - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
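Review bot: The Description paragraph is copied word for word from NC-SA-2018-004 and never mentions Contacts, so the only thing tying this text to the affected app is the heading. Name the autocomplete field in the Contacts app where group names were rendered unsanitised, so the two advisories can be told apart when quoted without their titles. The nested `<p><p>` and trailing `</p>` around the Description and Action Taken text should also be reduced to a single paragraph element.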
diff --git a/advisories/server-list-part.php b/advisories/server-list-part.php
deleted file mode 100644
index b83665cd..00000000
--- a/advisories/server-list-part.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<p>Version 12.0.5</p>
-<a href="/security/advisory/?id=nc-sa-2018-001">App password scope can be changed for other users</a><br>
-<br/><p>Version 11.0.7</p>
-<a href="/security/advisory/?id=nc-sa-2018-001">App password scope can be changed for other users</a><br>
-<br/><p>Version 11.0.3</p>
-<a href="/security/advisory/?id=nc-sa-2017-007">DOM XSS vulnerability in search dialogue</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-008">Reflected XSS in error pages</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-009">Limitation of app specific password scope can be bypassed</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-010">Stored XSS in Gallery application</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-011">Share tokens for public calendars disclosed</a><br>
-<br/><p>Version 11.0.2</p>
-<a href="/security/advisory/?id=nc-sa-2017-012">Calendar and addressbook names disclosed</a><br>
-<br/><p>Version 10.0.5</p>
-<a href="/security/advisory/?id=nc-sa-2017-008">Reflected XSS in error pages</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-010">Stored XSS in Gallery application</a><br>
-<br/><p>Version 10.0.4</p>
-<a href="/security/advisory/?id=nc-sa-2017-012">Calendar and addressbook names disclosed</a><br>
-<br/><p>Version 10.0.2</p>
-<a href="/security/advisory/?id=nc-sa-2017-001">Permission increase on re-sharing via OCS API</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-002">Creation of folders in read-only folders despite lacking permissions</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-003">Error message discloses existence of file in write-only share</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-004">Denial of Service attack</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-005">Bypassing quota limitation</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-006">Content-Spoofing in "files" app</a><br>
-<br/><p>Version 10.0.1</p>
-<a href="/security/advisory/?id=nc-sa-2016-006">SMB User Authentication Bypass</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-008">Stored XSS in CardDAV image export</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-009">Reflected XSS in Gallery application</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-010">Content-Spoofing in "files" app</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-011">Content-Spoofing in "dav" app</a><br>
-<br/><p>Version 10.0.0</p>
-<a href="/security/advisory/?id=nc-sa-2016-007">Improper authorization check on removing shares</a><br>
-<br/><p>Version 9.0.58</p>
-<a href="/security/advisory/?id=nc-sa-2017-008">Reflected XSS in error pages</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-010">Stored XSS in Gallery application</a><br>
-<br/><p>Version 9.0.55</p>
-<a href="/security/advisory/?id=nc-sa-2017-001">Permission increase on re-sharing via OCS API</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-002">Creation of folders in read-only folders despite lacking permissions</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-003">Error message discloses existence of file in write-only share</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-004">Denial of Service attack</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-005">Bypassing quota limitation</a><br>
-<a href="/security/advisory/?id=nc-sa-2017-006">Content-Spoofing in "files" app</a><br>
-<br/><p>Version 9.0.54</p>
-<a href="/security/advisory/?id=nc-sa-2016-006">SMB User Authentication Bypass</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-007">Improper authorization check on removing shares</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-010">Content-Spoofing in "files" app</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-011">Content-Spoofing in "dav" app</a><br>
-<br/><p>Version 9.0.52</p>
-<a href="/security/advisory/?id=nc-sa-2016-001">Stored XSS in "gallery" application</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-002">Log pollution can potentially lead to local HTML injection</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-003">Content-Spoofing in "files" app</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-004">Edit permission check not enforced on WebDAV COPY action</a><br>
-<a href="/security/advisory/?id=nc-sa-2016-005">Read-only share recipient can restore old versions of file</a><br>