diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-01-31 14:31:37 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2020-01-31 14:31:37 +0300 |
| commit | 24f7b39e1601fe712aef42c624335a055b464979 (patch) | |
| tree | bb5f856a5f4cce2ec488ebec55274a16af9ae84c /advisories | |
| parent | e82d8847c9a1125c414e4bddb81de6609bfe1466 (diff) | |
Fix some mistakes with the advisories
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'advisories')
| -rw-r--r-- | advisories/advisories.rss | 26 | ||||
| -rw-r--r-- | advisories/full-list.php | 12 | ||||
| -rw-r--r-- | advisories/nc-sa-2016-001.php | 2 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-015.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-001.php | 6 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-004.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-005.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-006.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-007.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-008.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-009.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-010.php | 2 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-011.php | 4 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-013.php | 35 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-017.php | 2 |
15 files changed, 84 insertions, 33 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss index 60c6c054..2a4367bf 100644 --- a/advisories/advisories.rss +++ b/advisories/advisories.rss @@ -6,7 +6,7 @@ <description>The Nextcloud security advisories as a RSS feed</description> <ttl>1800</ttl><item> <title>iOS App: Login and token disclosure to other Nextcloud services (NC-SA-2019-017)</title> - <description>Violation of Secure Design Principles in the iOS App 2.24.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-017">For more information please consult the official advisory.</a></strong></p></description> + <description>Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-017">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-017</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-017</guid> <pubDate>Tue, 12 Nov 2019 13:00:00 +0100</pubDate> @@ -29,6 +29,12 @@ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-014</guid> <pubDate>Thu, 04 Jul 2019 14:00:00 +0200</pubDate> </item><item> + <title>Circles App: Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)</title> + <description>Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-013">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-013</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-013</guid> + <pubDate>Sun, 06 Oct 2019 14:00:00 +0200</pubDate> + </item><item> <title>Server: File-drop content is visible through the gallery app (NC-SA-2019-012)</title> <description>Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-012">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-012</link> @@ -36,43 +42,43 @@ <pubDate>Tue, 22 Oct 2019 14:00:00 +0200</pubDate> </item><item> <title>Android App: Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)</title> - <description><p>Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-011">For more information please consult the official advisory.</a></strong></p></description> + <description>Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-011">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-011</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-011</guid> <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> </item><item> - <title>lookup-server: SQL Injection in lookup-server (NC-SA-2019-010)</title> + <title>Lookup server: SQL Injection in lookup-server (NC-SA-2019-010)</title> <description>Improper sanitation of user input allowed any unauthenticated user to perform SQL injection attacks.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-010">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-010</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-010</guid> <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> </item><item> <title>Android App: Improper sanitization of HTML in directory names (NC-SA-2019-009)</title> - <description><p>Some basic HTML tags were rendered as Markup in directory names.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-009">For more information please consult the official advisory.</a></strong></p></description> + <description>Some basic HTML tags were rendered as Markup in directory names.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-009">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-009</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-009</guid> <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> </item><item> <title>Android App: Bypass lock protection in Android app (NC-SA-2019-008)</title> - <description><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-008">For more information please consult the official advisory.</a></strong></p></description> + <description>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-008">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-008</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-008</guid> <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> </item><item> <title>Android App: Thumbnails of files leaked via Android content provider (NC-SA-2019-007)</title> - <description><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-007">For more information please consult the official advisory.</a></strong></p></description> + <description>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-007">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-007</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-007</guid> <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> </item><item> <title>Android App: Bypass lock protection in Android app (NC-SA-2019-006)</title> - <description><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-006">For more information please consult the official advisory.</a></strong></p></description> + <description>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-006">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-006</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-006</guid> <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> </item><item> <title>Android App: SQL injection in Android app content provider (NC-SA-2019-005)</title> - <description><p>The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can fix all problems.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-005">For more information please consult the official advisory.</a></strong></p></description> + <description>The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can fix all problems.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-005">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-005</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-005</guid> <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> @@ -102,7 +108,7 @@ <pubDate>Fri, 12 Apr 2019 14:00:00 +0200</pubDate> </item><item> <title>Android App: Improper check for access to application database (NC-SA-2018-015)</title> - <description><p>A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-015">For more information please consult the official advisory.</a></strong></p></description> + <description>A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-015">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-015</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-015</guid> <pubDate>Fri, 26 Jul 2019 10:00:00 +0200</pubDate> @@ -324,7 +330,7 @@ <pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate> </item><item> <title>Server: Stored XSS in "gallery" application (NC-SA-2016-001)</title> - <description>Due to a recent migration of the Gallery app to the new sharing endpoint a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack.To exploit this vulnerability an authenticated attacker has to share a folder with someone else, get them to open the shared folder in the Gallery app and open the sharing window there.Since Nextcloud employes a strict Content-Security-Policy this vulnerability is only exploitable in browsers not supporting Content-Security-Policy. You can check at <a href="http://caniuse.com/#feat=contentsecuritypolicy">caniuse.com</a> whether your browser supports CSP.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2016-001">For more information please consult the official advisory.</a></strong></p></description> + <description>Due to a recent migration of the Gallery app to the new sharing endpoint a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack.To exploit this vulnerability an authenticated attacker has to share a folder with someone else, get them to open the shared folder in the Gallery app and open the sharing window there. Since Nextcloud employs a strict Content-Security-Policy this vulnerability is only exploitable in browsers not supporting Content-Security-Policy. You can check at <a href="http://caniuse.com/#feat=contentsecuritypolicy">caniuse.com</a> whether your browser supports CSP.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2016-001">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-001</link> <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-001</guid> <pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate> diff --git a/advisories/full-list.php b/advisories/full-list.php index a487693a..717244f1 100644 --- a/advisories/full-list.php +++ b/advisories/full-list.php @@ -22,6 +22,16 @@ <li><a href="/security/advisory/?id=NC-SA-2019-012">File-drop content is visible through the gallery app (NC-SA-2019-012)</a> 2019-10-22</li> </ul> +<h3>Circles App 0.17.8</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-013">Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)</a> 2019-10-06</li> +</ul> + +<h3>Circles App 0.16.11</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-013">Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)</a> 2019-10-06</li> +</ul> + <h3>Nextcloud Server 15.0.8</h3> <ul> <li><a href="/security/advisory/?id=NC-SA-2019-015">Group admins can create users with IDs of system folders (NC-SA-2019-015)</a> 2019-08-12</li> @@ -73,7 +83,7 @@ <li><a href="/security/advisory/?id=NC-SA-2019-005">SQL injection in Android app content provider (NC-SA-2019-005)</a> 2019-07-26</li> </ul> -<h3>lookup-server 0.3.0</h3> +<h3>Lookup server 0.3.0</h3> <ul> <li><a href="/security/advisory/?id=NC-SA-2019-010">SQL Injection in lookup-server (NC-SA-2019-010)</a> 2019-07-26</li> </ul> diff --git a/advisories/nc-sa-2016-001.php b/advisories/nc-sa-2016-001.php index f8253efe..94e4051a 100644 --- a/advisories/nc-sa-2016-001.php +++ b/advisories/nc-sa-2016-001.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/145355">145355</a></p> <h3>Description</h3> - <p>Due to a recent migration of the Gallery app to the new sharing endpoint a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack.To exploit this vulnerability an authenticated attacker has to share a folder with someone else, get them to open the shared folder in the Gallery app and open the sharing window there.Since Nextcloud employes a strict Content-Security-Policy this vulnerability is only exploitable in browsers not supporting Content-Security-Policy. You can check at <a href="http://caniuse.com/#feat=contentsecuritypolicy">caniuse.com</a> whether your browser supports CSP.</p> + <p>Due to a recent migration of the Gallery app to the new sharing endpoint a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack.To exploit this vulnerability an authenticated attacker has to share a folder with someone else, get them to open the shared folder in the Gallery app and open the sharing window there. Since Nextcloud employs a strict Content-Security-Policy this vulnerability is only exploitable in browsers not supporting Content-Security-Policy. You can check at <a href="http://caniuse.com/#feat=contentsecuritypolicy">caniuse.com</a> whether your browser supports CSP.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Server < <strong>9.0.52</strong> (CVE-2016-7419)</li> diff --git a/advisories/nc-sa-2018-015.php b/advisories/nc-sa-2018-015.php index 4b935f2f..37ff6c10 100644 --- a/advisories/nc-sa-2018-015.php +++ b/advisories/nc-sa-2018-015.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/284.html">Improper Access Control (CWE-284)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/331302">331302</a></p> <h3>Description</h3> - <p><p>A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.</p></p> + <p>A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.2.0</strong> (CVE-2018-3765)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The error has been fixed.</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.2.0.</p></p> + <p>It is recommended that users upgrade to version 3.2.0.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-001.php b/advisories/nc-sa-2019-001.php index eabb213d..8b42119d 100644 --- a/advisories/nc-sa-2019-001.php +++ b/advisories/nc-sa-2019-001.php @@ -16,9 +16,9 @@ <p>A missing check revealed the name of confidential events and private events to all users of a shared calendar.</p> <h3>Affected Software</h3> <ul> - <li>Nextcloud Server < <strong>15.0.1</strong> (CVE assignment pending)</li> -<li>Nextcloud Server < <strong>14.0.5</strong> (CVE assignment pending)</li> -<li>Nextcloud Server < <strong>13.0.9</strong> (CVE assignment pending)</li> + <li>Nextcloud Server < <strong>15.0.1</strong> (CVE-2019-5449)</li> +<li>Nextcloud Server < <strong>14.0.5</strong> (CVE-2019-5449)</li> +<li>Nextcloud Server < <strong>13.0.9</strong> (CVE-2019-5449)</li> </ul> <h3>Action Taken</h3> diff --git a/advisories/nc-sa-2019-004.php b/advisories/nc-sa-2019-004.php index 47cd1686..2f574e66 100644 --- a/advisories/nc-sa-2019-004.php +++ b/advisories/nc-sa-2019-004.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/288.html">Authentication Bypass Using an Alternate Path or Channel (CWE-288)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/490946">490946</a></p> <h3>Description</h3> - <p><p>Creating a fake multi-account and aborting the process would redirect the user to the default account of the device without asking for the lock pattern if one was set up.</p></p> + <p>Creating a fake multi-account and aborting the process would redirect the user to the default account of the device without asking for the lock pattern if one was set up.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.6.1</strong> (CVE-2019-5455)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The error has been fixed.</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.6.1.</p></p> + <p>It is recommended that users upgrade to version 3.6.1.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-005.php b/advisories/nc-sa-2019-005.php index 299031b7..fea6d06e 100644 --- a/advisories/nc-sa-2019-005.php +++ b/advisories/nc-sa-2019-005.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/89.html">Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/291764">291764</a></p> <h3>Description</h3> - <p><p>The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can fix all problems.</p></p> + <p>The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can fix all problems.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.0.0</strong> (CVE-2019-5454)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The file is now delivered with a content-type of "application/octet-stream".</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.0.0 or later.</p></p> + <p>It is recommended that users upgrade to version 3.0.0 or later.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-006.php b/advisories/nc-sa-2019-006.php index ecaf0c06..a4db81c5 100644 --- a/advisories/nc-sa-2019-006.php +++ b/advisories/nc-sa-2019-006.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/288.html">Authentication Bypass Using an Alternate Path or Channel (CWE-288)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/331489">331489</a></p> <h3>Description</h3> - <p><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p></p> + <p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.3.0</strong> (CVE-2019-5453)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The error has been fixed.</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.3.0 or later.</p></p> + <p>It is recommended that users upgrade to version 3.3.0 or later.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-007.php b/advisories/nc-sa-2019-007.php index 1d4c817a..bb4cb17e 100644 --- a/advisories/nc-sa-2019-007.php +++ b/advisories/nc-sa-2019-007.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/284.html">Improper Access Control (CWE-284)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/534541">534541</a></p> <h3>Description</h3> - <p><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p></p> + <p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.6.2</strong> (CVE-2019-5452)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The file is now delivered with a content-type of "application/octet-stream".</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.6.2.</p></p> + <p>It is recommended that users upgrade to version 3.6.2.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-008.php b/advisories/nc-sa-2019-008.php index 5e704957..29db06a9 100644 --- a/advisories/nc-sa-2019-008.php +++ b/advisories/nc-sa-2019-008.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/288.html">Authentication Bypass Using an Alternate Path or Channel (CWE-288)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/507172">507172</a></p> <h3>Description</h3> - <p><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time.</p></p> + <p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.6.1</strong> (CVE-2019-5451)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The error has been fixed.</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.6.1 or later.</p></p> + <p>It is recommended that users upgrade to version 3.6.1 or later.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-009.php b/advisories/nc-sa-2019-009.php index ea99a772..a631dc0b 100644 --- a/advisories/nc-sa-2019-009.php +++ b/advisories/nc-sa-2019-009.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/80.html">Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/631227">631227</a></p> <h3>Description</h3> - <p><p>Some basic HTML tags were rendered as Markup in directory names.</p></p> + <p>Some basic HTML tags were rendered as Markup in directory names.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.7.0</strong> (CVE-2019-5450)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The error has been fixed.</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.7.0 or later.</p></p> + <p>It is recommended that users upgrade to version 3.7.0 or later.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-010.php b/advisories/nc-sa-2019-010.php index 90678881..d9aa6a96 100644 --- a/advisories/nc-sa-2019-010.php +++ b/advisories/nc-sa-2019-010.php @@ -16,7 +16,7 @@ <p>Improper sanitation of user input allowed any unauthenticated user to perform SQL injection attacks.</p> <h3>Affected Software</h3> <ul> - <li>Nextcloud Lookup-server < <strong>0.3.0</strong> (CVE assignment pending)</li> + <li>Nextcloud Lookup-server < <strong>0.3.0</strong> (CVE-2019-5476)</li> </ul> <h3>Action Taken</h3> diff --git a/advisories/nc-sa-2019-011.php b/advisories/nc-sa-2019-011.php index 38ae60d3..1252e7f4 100644 --- a/advisories/nc-sa-2019-011.php +++ b/advisories/nc-sa-2019-011.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/89.html">Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/518669">518669</a></p> <h3>Description</h3> - <p><p>Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.</p></p> + <p>Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Android < <strong>3.6.1</strong> (CVE assignment pending)</li> @@ -22,7 +22,7 @@ <h3>Action Taken</h3> <p>The error has been fixed.</p> <h3>Resolution</h3> - <p><p>It is recommended that users upgrade to version 3.6.1 or later.</p></p> + <p>It is recommended that users upgrade to version 3.6.1 or later.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> diff --git a/advisories/nc-sa-2019-013.php b/advisories/nc-sa-2019-013.php new file mode 100644 index 00000000..5c35ca60 --- /dev/null +++ b/advisories/nc-sa-2019-013.php @@ -0,0 +1,35 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)</h2> + <p>6th October 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/285.html">Improper Authorization (CWE-285)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/673724">673724</a></p> + <h3>Description</h3> + <p>Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Circles < <strong>0.17.8</strong> (CVE assignment pending)</li> +<li>Nextcloud Circles < <strong>0.16.11</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Circles app is upgraded to 0.17.8.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>michag86 - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-017.php b/advisories/nc-sa-2019-017.php index 1a61c57f..2536c5cb 100644 --- a/advisories/nc-sa-2019-017.php +++ b/advisories/nc-sa-2019-017.php @@ -13,7 +13,7 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/657.html">Violation of Secure Design Principles (CWE-657)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/672623">672623</a></p> <h3>Description</h3> - <p>Violation of Secure Design Principles in the iOS App 2.24.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.</p> + <p>Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Ios < <strong>2.24.0</strong> (CVE assignment pending)</li> |