diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2018-10-25 15:21:35 +0300 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2018-10-25 15:21:35 +0300 |
| commit | da0e06398803daaa82579da5984a0e70693ad289 (patch) | |
| tree | 4c34d567c8208072826e6501a780570a007f471c /advisories | |
| parent | 55902ff83f17f9b81519b5f5b23e0cfbb097675f (diff) | |
Publish new advisories
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Diffstat (limited to 'advisories')
| -rw-r--r-- | advisories/advisories.rss | 30 | ||||
| -rw-r--r-- | advisories/full-list.php | 77 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-008.php | 2 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-009.php | 2 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-010.php | 36 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-011.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-012.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-013.php | 36 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-014.php | 34 |
9 files changed, 259 insertions, 26 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss index b9fb22a5..06e037f3 100644 --- a/advisories/advisories.rss +++ b/advisories/advisories.rss @@ -5,6 +5,36 @@ <link>https://nextcloud.com/security/advisories/</link> <description>The Nextcloud security advisories as a RSS feed</description> <ttl>1800</ttl><item> + <title>Server: Improper access control checks for single share previews (NC-SA-2018-014)</title> + <description><p>A missing check could give unauthorized access to the previews of single file password protected shares.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-014">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-014</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-014</guid> + <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate> + </item><item> + <title>Server: Session fixation on public share page (NC-SA-2018-013)</title> + <description><p>A bug causing session fixation could potentially allow an attacker to obtain access to password protected shares.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-013">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-013</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-013</guid> + <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate> + </item><item> + <title>Server: Improper authentication on public shares (NC-SA-2018-012)</title> + <description><p>A missing access check could lead to continued access to password protected link shares when the owner had changed the password.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-012">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-012</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-012</guid> + <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate> + </item><item> + <title>Server: Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)</title> + <description><p>Missing state would not enforce the use of a second factor at login if the the provider of the second factor failed to load.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-011">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-011</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-011</guid> + <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate> + </item><item> + <title>Server: Improper validation of permissions (NC-SA-2018-010)</title> + <description><p>Improper revalidation of permissions lead to not accepting access restrictions by acess tokens.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-010">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-010</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-010</guid> + <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate> + </item><item> <title>Talk App: Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</title> <description><p>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-009">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-009</link> diff --git a/advisories/full-list.php b/advisories/full-list.php index c8b33ae3..28985e30 100644 --- a/advisories/full-list.php +++ b/advisories/full-list.php @@ -2,6 +2,35 @@ <h2>2018</h2> +<h3>Nextcloud Server 14.0.0</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2018-014">Improper access control checks for single share previews (NC-SA-2018-014)</a> 2018-10-25</li> + <li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li> + <li><a href="/security/advisory/?id=NC-SA-2018-012">Improper authentication on public shares (NC-SA-2018-012)</a> 2018-10-25</li> + <li><a href="/security/advisory/?id=NC-SA-2018-011">Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)</a> 2018-10-25</li> + <li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li> +</ul> + +<h3>Nextcloud Server 13.0.6</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li> +</ul> + +<h3>Nextcloud Server 12.0.11</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li> +</ul> + +<h3>Nextcloud Server 13.0.3</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li> +</ul> + +<h3>Nextcloud Server 12.0.8</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li> +</ul> + <h3>Nextcloud Server 13.0.5</h3> <ul> <li><a href="/security/advisory/?id=NC-SA-2018-008">Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</a> 2018-08-10</li> @@ -14,8 +43,8 @@ <h3>Nextcloud Server 12.0.3</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2018-006">Improper validation of data passed to JSON encoder (NC-SA-2018-006)</a> 2018-08-03</li> <li><a href="/security/advisory/?id=NC-SA-2018-007">Bypass of 2 Factor Authentication (NC-SA-2018-007)</a> 2018-08-03</li> + <li><a href="/security/advisory/?id=NC-SA-2018-006">Improper validation of data passed to JSON encoder (NC-SA-2018-006)</a> 2018-08-03</li> </ul> <h3>Nextcloud Server 11.0.5</h3> @@ -25,14 +54,14 @@ <h3>Nextcloud Server 13.0.3</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li> <li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li> + <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li> </ul> <h3>Nextcloud Server 12.0.8</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li> <li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li> + <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li> </ul> <h3>Calendar App 1.6.1</h3> @@ -66,11 +95,11 @@ <h3>Nextcloud Server 11.0.3</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li> <li><a href="/security/advisory/?id=NC-SA-2017-011">Share tokens for public calendars disclosed (NC-SA-2017-011)</a> 2017-05-08</li> - <li><a href="/security/advisory/?id=NC-SA-2017-007">DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</a> 2017-05-08</li> + <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li> <li><a href="/security/advisory/?id=NC-SA-2017-009">Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</a> 2017-05-08</li> <li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li> + <li><a href="/security/advisory/?id=NC-SA-2017-007">DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</a> 2017-05-08</li> </ul> <h3>Nextcloud Server 10.0.5</h3> @@ -97,43 +126,43 @@ <h3>Nextcloud Server 10.0.2</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li> - <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li> - <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li> - <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li> <li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in "files" app (NC-SA-2017-006)</a> 2017-02-05</li> <li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li> </ul> <h3>Nextcloud Server 9.0.55</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li> - <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li> - <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li> - <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li> <li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in "files" app (NC-SA-2017-006)</a> 2017-02-05</li> <li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li> + <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li> </ul> <hr> <h2>2016</h2> -<h3>Nextcloud Server 9.0.54</h3> +<h3>Nextcloud Server 10.0.1</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li> - <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in "files" app (NC-SA-2016-010)</a> 2016-10-10</li> <li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in "dav" app (NC-SA-2016-011)</a> 2016-10-10</li> - <li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li> + <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in "files" app (NC-SA-2016-010)</a> 2016-10-10</li> + <li><a href="/security/advisory/?id=NC-SA-2016-009">Reflected XSS in Gallery application (NC-SA-2016-009)</a> 2016-10-10</li> + <li><a href="/security/advisory/?id=NC-SA-2016-008">Stored XSS in CardDAV image export (NC-SA-2016-008)</a> 2016-10-10</li> + <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li> </ul> -<h3>Nextcloud Server 10.0.1</h3> +<h3>Nextcloud Server 9.0.54</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li> - <li><a href="/security/advisory/?id=NC-SA-2016-009">Reflected XSS in Gallery application (NC-SA-2016-009)</a> 2016-10-10</li> - <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in "files" app (NC-SA-2016-010)</a> 2016-10-10</li> - <li><a href="/security/advisory/?id=NC-SA-2016-008">Stored XSS in CardDAV image export (NC-SA-2016-008)</a> 2016-10-10</li> <li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in "dav" app (NC-SA-2016-011)</a> 2016-10-10</li> + <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in "files" app (NC-SA-2016-010)</a> 2016-10-10</li> + <li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li> + <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li> </ul> <h3>Nextcloud Server 10.0.0</h3> @@ -143,10 +172,10 @@ <h3>Nextcloud Server 9.0.52</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2016-001">Stored XSS in "gallery" application (NC-SA-2016-001)</a> 2016-07-19</li> <li><a href="/security/advisory/?id=NC-SA-2016-005">Read-only share recipient can restore old versions of file (NC-SA-2016-005)</a> 2016-07-19</li> + <li><a href="/security/advisory/?id=NC-SA-2016-004">Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</a> 2016-07-19</li> <li><a href="/security/advisory/?id=NC-SA-2016-003">Content-Spoofing in "files" app (NC-SA-2016-003)</a> 2016-07-19</li> <li><a href="/security/advisory/?id=NC-SA-2016-002">Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)</a> 2016-07-19</li> - <li><a href="/security/advisory/?id=NC-SA-2016-004">Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</a> 2016-07-19</li> + <li><a href="/security/advisory/?id=NC-SA-2016-001">Stored XSS in "gallery" application (NC-SA-2016-001)</a> 2016-07-19</li> </ul> diff --git a/advisories/nc-sa-2018-008.php b/advisories/nc-sa-2018-008.php index a3e6019d..67bc940e 100644 --- a/advisories/nc-sa-2018-008.php +++ b/advisories/nc-sa-2018-008.php @@ -9,7 +9,7 @@ <h2>Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</h2> <p>10th August 2018</p> <p>Risk level: <strong>Low</strong></p> - <p>CVSS v3 Base Score: 2.1 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N</a>)</p> + <p>CVSS v3 Base Score: 0 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N</a>)</p> <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p> <h3>Description</h3> diff --git a/advisories/nc-sa-2018-009.php b/advisories/nc-sa-2018-009.php index bd3ad88e..ab0c3b07 100644 --- a/advisories/nc-sa-2018-009.php +++ b/advisories/nc-sa-2018-009.php @@ -9,7 +9,7 @@ <h2>Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</h2> <p>10th August 2018</p> <p>Risk level: <strong>Low</strong></p> - <p>CVSS v3 Base Score: 2.1 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N</a>)</p> + <p>CVSS v3 Base Score: 0 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N</a>)</p> <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p> <h3>Description</h3> diff --git a/advisories/nc-sa-2018-010.php b/advisories/nc-sa-2018-010.php new file mode 100644 index 00000000..0ff63b42 --- /dev/null +++ b/advisories/nc-sa-2018-010.php @@ -0,0 +1,36 @@ +<div class="row page-content-header"> +<div class="col-md-4"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper validation of permissions (NC-SA-2018-010)</h2> + <p>25th October 2018</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 6.4 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N">AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/284.html">Improper Access Control - Generic (CWE-284)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/388515">388515</a></p> + <h3>Description</h3> + <p><p>Improper revalidation of permissions lead to not accepting access restrictions by acess tokens.</p> +</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>14.0.0</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>13.0.6</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>12.0.11</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p> +</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Mohd Haji - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2018-011.php b/advisories/nc-sa-2018-011.php new file mode 100644 index 00000000..81e0a10b --- /dev/null +++ b/advisories/nc-sa-2018-011.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-4"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)</h2> + <p>25th October 2018</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.7 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/287.html">Improper Authentication - Generic (CWE-287)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/317711">317711</a></p> + <h3>Description</h3> + <p><p>Missing state would not enforce the use of a second factor at login if the the provider of the second factor failed to load.</p> +</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>14.0.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p> +</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://www.cyphar.com/" target="_blank" rel="noreferrer">Aleksa Sarai - SUSE Linux GmbH (cyphar@cyphar.com) - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2018-012.php b/advisories/nc-sa-2018-012.php new file mode 100644 index 00000000..20d49e44 --- /dev/null +++ b/advisories/nc-sa-2018-012.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-4"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper authentication on public shares (NC-SA-2018-012)</h2> + <p>25th October 2018</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 3.7 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N">CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/287.html">Improper Authentication - Generic (CWE-287)</a></p> + + <h3>Description</h3> + <p><p>A missing access check could lead to continued access to password protected link shares when the owner had changed the password.</p> +</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>14.0.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p> +</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Rudra Pratap Singh - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2018-013.php b/advisories/nc-sa-2018-013.php new file mode 100644 index 00000000..8ef47b63 --- /dev/null +++ b/advisories/nc-sa-2018-013.php @@ -0,0 +1,36 @@ +<div class="row page-content-header"> +<div class="col-md-4"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Session fixation on public share page (NC-SA-2018-013)</h2> + <p>25th October 2018</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 3.1 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/384.html">Session Fixation (CWE-384)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/237184">237184</a></p> + <h3>Description</h3> + <p><p>A bug causing session fixation could potentially allow an attacker to obtain access to password protected shares.</p> +</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>14.0.0</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>13.0.3</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>12.0.8</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p> +</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Anonymous hacker - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2018-014.php b/advisories/nc-sa-2018-014.php new file mode 100644 index 00000000..10b444f1 --- /dev/null +++ b/advisories/nc-sa-2018-014.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-4"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper access control checks for single share previews (NC-SA-2018-014)</h2> + <p>25th October 2018</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 4.8 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N">AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/287.html">Improper Authentication (CWE-287)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/231917">231917</a></p> + <h3>Description</h3> + <p><p>A missing check could give unauthorized access to the previews of single file password protected shares.</p> +</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>14.0.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p> +</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://cp270.wordpress.com" target="_blank" rel="noreferrer">Carl Pearson - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> |