Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/nextcloud.com.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/advisories
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2021-01-22 18:30:51 +0300
committerJoas Schilling <coding@schilljs.com>2021-01-22 18:30:51 +0300
commit85ccab41aae8fa1cfd73a14e1516a6283dfcc082 (patch)
tree3756508d157c87dd4b97960f9af63a3231f2d5f1 /advisories
parent6a3633e86d0f7b34f13fb8084dccd3c54b888397 (diff)
Add advisories 2021-001 and 2021-002
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'advisories')
-rw-r--r--advisories/advisories.rss12
-rw-r--r--advisories/full-list.php22
-rw-r--r--advisories/nc-sa-2021-001.php36
-rw-r--r--advisories/nc-sa-2021-002.php36
4 files changed, 106 insertions, 0 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss
index bb22bff9..dd1bda2a 100644
--- a/advisories/advisories.rss
+++ b/advisories/advisories.rss
@@ -5,6 +5,18 @@
<link>https://nextcloud.com/security/advisories/</link>
<description>The Nextcloud security advisories as a RSS feed</description>
<ttl>1800</ttl><item>
+ <title>Server: Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</title>
+ <description>A missing link validation in Nextcloud Server 20.0.1 allowed to execute a stored XSS attack on Internet Explorer users by saving a javascript url in a Markdown.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-002</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-002</guid>
+ <pubDate>Wed, 18 Nov 2020 13:00:00 +0100</pubDate>
+ </item><item>
+ <title>Server: Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</title>
+ <description>A missing input validation in Nextcloud Server 20.0.1 allowed users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-001</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-001</guid>
+ <pubDate>Wed, 18 Nov 2020 13:00:00 +0100</pubDate>
+ </item><item>
<title>Contacts App: XSS through image upload of contacts using svg file (NC-SA-2020-045)</title>
<description>A missing file type check in Nextcloud Contacts 3.3.0 allowed a malicious user to upload malicious SVG files to perform XSS attacks.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-045&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-045</link>
diff --git a/advisories/full-list.php b/advisories/full-list.php
index 2a551fb5..0ab6ffb9 100644
--- a/advisories/full-list.php
+++ b/advisories/full-list.php
@@ -1,5 +1,27 @@
<hr>
+<h2>2021</h2>
+
+<h3>Nextcloud Server 20.0.2</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2021-002">Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</a> 2020-11-18</li>
+ <li><a href="/security/advisory/?id=NC-SA-2021-001">Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</a> 2020-11-18</li>
+</ul>
+
+<h3>Nextcloud Server 19.0.5</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2021-002">Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</a> 2020-11-18</li>
+ <li><a href="/security/advisory/?id=NC-SA-2021-001">Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</a> 2020-11-18</li>
+</ul>
+
+<h3>Nextcloud Server 18.0.11</h3>
+<ul>
+ <li><a href="/security/advisory/?id=NC-SA-2021-002">Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</a> 2020-11-18</li>
+ <li><a href="/security/advisory/?id=NC-SA-2021-001">Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</a> 2020-11-18</li>
+</ul>
+
+<hr>
+
<h2>2020</h2>
<h3>Contacts App 3.4.1</h3>
diff --git a/advisories/nc-sa-2021-001.php b/advisories/nc-sa-2021-001.php
new file mode 100644
index 00000000..cbb65a80
--- /dev/null
+++ b/advisories/nc-sa-2021-001.php
@@ -0,0 +1,36 @@
+<div class="row page-content-header">
+<div class="col-md-12">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-12">
+ <h2>Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</h2>
+ <p>18th November 2020</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 5.7 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H">AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/400.html">Denial of Service (CWE-400)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/1018146">1018146</a></p>
+ <h3>Description</h3>
+ <p>A missing input validation in Nextcloud Server 20.0.1 allowed users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>20.0.2</strong> (CVE-2020-8293)</li>
+<li>Nextcloud Server &lt; <strong>19.0.5</strong> (CVE-2020-8293)</li>
+<li>Nextcloud Server &lt; <strong>18.0.11</strong> (CVE-2020-8293)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p>The error has been fixed.</p>
+ <h3>Resolution</h3>
+ <p>It is recommended that the Nextcloud Server is upgraded to 20.0.2.</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li><a href="https://twitter.com/DemoniaSlash" target="_blank" rel="noreferrer">Mohamed Dief - Vulnerability discovery and disclosure.</a></li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
diff --git a/advisories/nc-sa-2021-002.php b/advisories/nc-sa-2021-002.php
new file mode 100644
index 00000000..e9f2c46e
--- /dev/null
+++ b/advisories/nc-sa-2021-002.php
@@ -0,0 +1,36 @@
+<div class="row page-content-header">
+<div class="col-md-12">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-12">
+ <h2>Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</h2>
+ <p>18th November 2020</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N">AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Cross-site Scripting (XSS) - Stored (CWE-79)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/1023787">1023787</a></p>
+ <h3>Description</h3>
+ <p>A missing link validation in Nextcloud Server 20.0.1 allowed to execute a stored XSS attack on Internet Explorer users by saving a javascript url in a Markdown.</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>20.0.2</strong> (CVE-2020-8294)</li>
+<li>Nextcloud Server &lt; <strong>19.0.5</strong> (CVE-2020-8294)</li>
+<li>Nextcloud Server &lt; <strong>18.0.11</strong> (CVE-2020-8294)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p>The error has been fixed.</p>
+ <h3>Resolution</h3>
+ <p>It is recommended that the Nextcloud Server is upgraded to 20.0.2.</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li><a href="luis@teix.co" target="_blank" rel="noreferrer">Luis Teixeira - Vulnerability discovery and disclosure.</a></li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-02 13:42:06 +0300