diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2019-07-26 13:24:37 +0300 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2019-07-26 13:24:37 +0300 |
| commit | eab5ca9ea42af7efe639d0f323e55f76b3232ac8 (patch) | |
| tree | bb04818384f96227fc0171f453d43e1c961c66f7 /advisories | |
| parent | 72e6e90cdcb0cb927d1c64f5eb8e2c0d755da64a (diff) | |
Release latest security advisories
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Diffstat (limited to 'advisories')
| -rw-r--r-- | advisories/advisories.rss | 54 | ||||
| -rw-r--r-- | advisories/full-list.php | 45 | ||||
| -rw-r--r-- | advisories/nc-sa-2018-015.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-001.php | 36 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-004.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-005.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-006.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-007.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-008.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-009.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2019-011.php | 34 |
11 files changed, 404 insertions, 3 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss index 70e3e1f5..6a3d1607 100644 --- a/advisories/advisories.rss +++ b/advisories/advisories.rss @@ -5,6 +5,48 @@ <link>https://nextcloud.com/security/advisories/</link> <description>The Nextcloud security advisories as a RSS feed</description> <ttl>1800</ttl><item> + <title>Mobile App: Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)</title> + <description><p>Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-011">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-011</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-011</guid> + <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> + </item><item> + <title>Mobile App: Improper sanitization of HTML in directory names (NC-SA-2019-009)</title> + <description><p>Some basic HTML tags were rendered as Markup in directory names.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-009">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-009</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-009</guid> + <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> + </item><item> + <title>Mobile App: Bypass lock protection in Android app (NC-SA-2019-008)</title> + <description><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-008">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-008</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-008</guid> + <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> + </item><item> + <title>Mobile App: Thumbnails of files leaked via Android content provider (NC-SA-2019-007)</title> + <description><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-007">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-007</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-007</guid> + <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> + </item><item> + <title>Mobile App: Bypass lock protection in Android app (NC-SA-2019-006)</title> + <description><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-006">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-006</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-006</guid> + <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> + </item><item> + <title>Mobile App: SQL injection in Android app content provider (NC-SA-2019-005)</title> + <description><p>The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can fix all problems.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-005">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-005</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-005</guid> + <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> + </item><item> + <title>Mobile App: Bypass lock protection in Android app (NC-SA-2019-004)</title> + <description><p>Creating a fake multi-account and aborting the process would redirect the user to the default account of the device without asking for the lock pattern if one was set up.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-004">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-004</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-004</guid> + <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate> + </item><item> <title>Server: Improper share updates could result in extended data access (NC-SA-2019-003)</title> <description>A bug could expose more data in reshared link shares than intended by the sharer.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-003">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-003</link> @@ -17,6 +59,18 @@ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-002</guid> <pubDate>Fri, 12 Apr 2019 14:00:00 +0200</pubDate> </item><item> + <title>Server: Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</title> + <description>A missing check revealed the name of confidential events and private events to all users of a shared calendar.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-001">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-001</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-001</guid> + <pubDate>Fri, 12 Apr 2019 14:00:00 +0200</pubDate> + </item><item> + <title>Mobile App: Improper check for access to application database (NC-SA-2018-015)</title> + <description><p>A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.</p><br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-015">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-015</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-015</guid> + <pubDate>Fri, 26 Jul 2019 10:00:00 +0200</pubDate> + </item><item> <title>Server: Improper access control checks for single share previews (NC-SA-2018-014)</title> <description>A missing check could give unauthorized access to the previews of single file password protected shares.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2018-014">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-014</link> diff --git a/advisories/full-list.php b/advisories/full-list.php index 5c7e3858..5ccf26a4 100644 --- a/advisories/full-list.php +++ b/advisories/full-list.php @@ -2,20 +2,54 @@ <h2>2019</h2> -<h3>Nextcloud Server 15.0.0</h3> +<h3>Mobile App 3.7.0</h3> <ul> - <li><a href="/security/advisory/?id=NC-SA-2019-003">Improper share updates could result in extended data access (NC-SA-2019-003)</a> 2019-04-12</li> - <li><a href="/security/advisory/?id=NC-SA-2019-002">Improper access control checks for share expiration date (NC-SA-2019-002)</a> 2019-04-12</li> + <li><a href="/security/advisory/?id=NC-SA-2019-009">Improper sanitization of HTML in directory names (NC-SA-2019-009)</a> 2019-07-26</li> +</ul> + +<h3>Mobile App 3.6.2</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-007">Thumbnails of files leaked via Android content provider (NC-SA-2019-007)</a> 2019-07-26</li> +</ul> + +<h3>Mobile App 3.6.1</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-011">Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)</a> 2019-07-26</li> + <li><a href="/security/advisory/?id=NC-SA-2019-008">Bypass lock protection in Android app (NC-SA-2019-008)</a> 2019-07-26</li> + <li><a href="/security/advisory/?id=NC-SA-2019-004">Bypass lock protection in Android app (NC-SA-2019-004)</a> 2019-07-26</li> +</ul> + +<h3>Mobile App 3.3.0</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-006">Bypass lock protection in Android app (NC-SA-2019-006)</a> 2019-07-26</li> +</ul> + +<h3>Mobile App 3.0.0</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-005">SQL injection in Android app content provider (NC-SA-2019-005)</a> 2019-07-26</li> +</ul> + +<h3>Nextcloud Server 15.0.1</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-001">Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</a> 2019-04-12</li> </ul> <h3>Nextcloud Server 14.0.5</h3> <ul> <li><a href="/security/advisory/?id=NC-SA-2019-003">Improper share updates could result in extended data access (NC-SA-2019-003)</a> 2019-04-12</li> + <li><a href="/security/advisory/?id=NC-SA-2019-001">Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</a> 2019-04-12</li> </ul> <h3>Nextcloud Server 13.0.9</h3> <ul> <li><a href="/security/advisory/?id=NC-SA-2019-003">Improper share updates could result in extended data access (NC-SA-2019-003)</a> 2019-04-12</li> + <li><a href="/security/advisory/?id=NC-SA-2019-001">Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</a> 2019-04-12</li> +</ul> + +<h3>Nextcloud Server 15.0.0</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2019-003">Improper share updates could result in extended data access (NC-SA-2019-003)</a> 2019-04-12</li> + <li><a href="/security/advisory/?id=NC-SA-2019-002">Improper access control checks for share expiration date (NC-SA-2019-002)</a> 2019-04-12</li> </ul> <h3>Nextcloud Server 14.0.4</h3> @@ -37,6 +71,11 @@ <h2>2018</h2> +<h3>Mobile App 3.2.0</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2018-015">Improper check for access to application database (NC-SA-2018-015)</a> 2019-07-26</li> +</ul> + <h3>Nextcloud Server 14.0.0</h3> <ul> <li><a href="/security/advisory/?id=NC-SA-2018-014">Improper access control checks for single share previews (NC-SA-2018-014)</a> 2018-10-25</li> diff --git a/advisories/nc-sa-2018-015.php b/advisories/nc-sa-2018-015.php new file mode 100644 index 00000000..85d00b52 --- /dev/null +++ b/advisories/nc-sa-2018-015.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper check for access to application database (NC-SA-2018-015)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 1.8 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N">AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/284.html">Improper Access Control (CWE-284)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/331302">331302</a></p> + <h3>Description</h3> + <p><p>A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.2.0</strong> (CVE-2018-3765)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p></p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.2.0.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="TBD" target="_blank" rel="noreferrer">TBD - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-001.php b/advisories/nc-sa-2019-001.php new file mode 100644 index 00000000..13efda8d --- /dev/null +++ b/advisories/nc-sa-2019-001.php @@ -0,0 +1,36 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</h2> + <p>12th April 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2.4 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/287.html">Improper Authentication (CWE-287)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/231917">231917</a></p> + <h3>Description</h3> + <p>A missing check revealed the name of confidential events and private events to all users of a shared calendar.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>15.0.1</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>14.0.5</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>13.0.9</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that all instances are upgraded to Nextcloud 15.0.1, 14.0.5 or 13.0.9.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Fabian Dellwing (f.dellwing@netfutura.de) - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-004.php b/advisories/nc-sa-2019-004.php new file mode 100644 index 00000000..99d48b14 --- /dev/null +++ b/advisories/nc-sa-2019-004.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Bypass lock protection in Android app (NC-SA-2019-004)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.9 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N">AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/288.html">Authentication Bypass Using an Alternate Path or Channel (CWE-288)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/490946">490946</a></p> + <h3>Description</h3> + <p><p>Creating a fake multi-account and aborting the process would redirect the user to the default account of the device without asking for the lock pattern if one was set up.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.6.1</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p></p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.6.1.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://twitter.com/julien_thomas" target="_blank" rel="noreferrer">Julien Thomas - Protektoid.com project - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-005.php b/advisories/nc-sa-2019-005.php new file mode 100644 index 00000000..543ad5e8 --- /dev/null +++ b/advisories/nc-sa-2019-005.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>SQL injection in Android app content provider (NC-SA-2019-005)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2.7 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L">AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/89.html">Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/291764">291764</a></p> + <h3>Description</h3> + <p><p>The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can fix all problems.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.0.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.0.0 or later.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>David Enos (bluedangerforyou) - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-006.php b/advisories/nc-sa-2019-006.php new file mode 100644 index 00000000..81014dd2 --- /dev/null +++ b/advisories/nc-sa-2019-006.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Bypass lock protection in Android app (NC-SA-2019-006)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 3.2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N">AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/288.html">Authentication Bypass Using an Alternate Path or Channel (CWE-288)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/331489">331489</a></p> + <h3>Description</h3> + <p><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.3.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.3.0 or later.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Volker Weißmann (volker.weissmann@gmx.de) - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-007.php b/advisories/nc-sa-2019-007.php new file mode 100644 index 00000000..a1bff7b0 --- /dev/null +++ b/advisories/nc-sa-2019-007.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Thumbnails of files leaked via Android content provider (NC-SA-2019-007)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 4.3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N">AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/284.html">Improper Access Control (CWE-284)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/534541">534541</a></p> + <h3>Description</h3> + <p><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.6.2</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.6.2.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://twitter.com/julien_thomas" target="_blank" rel="noreferrer">Julien Thomas - Protektoid.com project - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-008.php b/advisories/nc-sa-2019-008.php new file mode 100644 index 00000000..83588331 --- /dev/null +++ b/advisories/nc-sa-2019-008.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Bypass lock protection in Android app (NC-SA-2019-008)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.9 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N">AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/288.html">Authentication Bypass Using an Alternate Path or Channel (CWE-288)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/507172">507172</a></p> + <h3>Description</h3> + <p><p>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.6.1</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p><p>The error has been fixed.</p></p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.6.1 or later.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Mathijs van Veluw - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-009.php b/advisories/nc-sa-2019-009.php new file mode 100644 index 00000000..7e2f5349 --- /dev/null +++ b/advisories/nc-sa-2019-009.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper sanitization of HTML in directory names (NC-SA-2019-009)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 0 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N">AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/80.html">Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/631227">631227</a></p> + <h3>Description</h3> + <p><p>Some basic HTML tags were rendered as Markup in directory names.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.7.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.7.0 or later.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://www.facebook.com/ian.phtml" target="_blank" rel="noreferrer">Christian Angel - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2019-011.php b/advisories/nc-sa-2019-011.php new file mode 100644 index 00000000..6649ab35 --- /dev/null +++ b/advisories/nc-sa-2019-011.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)</h2> + <p>26th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2.7 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L">AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/89.html">Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/518669">518669</a></p> + <h3>Description</h3> + <p><p>Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.</p></p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Mobile < <strong>3.6.1</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p><p>It is recommended that users upgrade to version 3.6.1 or later.</p></p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://twitter.com/julien_thomas" target="_blank" rel="noreferrer">Julien Thomas - Protektoid.com project - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> |