diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-01-31 17:24:05 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2020-01-31 17:24:05 +0300 |
| commit | 02675431f168e1c8094280df7615329053593221 (patch) | |
| tree | 3bbead26384df9ff07eca10e6a4fbef3140d51eb /advisories | |
| parent | eba4489a58c7d9bee211d04f9390e35e73e68abb (diff) | |
Add new advisories
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'advisories')
| -rw-r--r-- | advisories/advisories.rss | 78 | ||||
| -rw-r--r-- | advisories/full-list.php | 110 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-001.php | 36 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-002.php | 36 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-003.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-004.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-005.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-006.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-007.php | 35 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-008.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-009.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-010.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-011.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-012.php | 36 | ||||
| -rw-r--r-- | advisories/nc-sa-2020-013.php | 36 |
15 files changed, 639 insertions, 0 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss index 2a4367bf..3d308037 100644 --- a/advisories/advisories.rss +++ b/advisories/advisories.rss @@ -5,6 +5,84 @@ <link>https://nextcloud.com/security/advisories/</link> <description>The Nextcloud security advisories as a RSS feed</description> <ttl>1800</ttl><item> + <title>Server: Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</title> + <description>Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-013">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-013</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-013</guid> + <pubDate>Thu, 15 Nov 2018 01:00:00 +0100</pubDate> + </item><item> + <title>Server: Improper permission preservation on reshares (NC-SA-2020-012)</title> + <description>Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-012">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-012</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-012</guid> + <pubDate>Thu, 27 Jun 2019 02:00:00 +0200</pubDate> + </item><item> + <title>Talk App: Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)</title> + <description>Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-011">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-011</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-011</guid> + <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate> + </item><item> + <title>Deck App: Improper neutralization of item names in projects feature (NC-SA-2020-010)</title> + <description>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-010">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-010</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-010</guid> + <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate> + </item><item> + <title>Talk App: Improper neutralization of item names in projects feature (NC-SA-2020-009)</title> + <description>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-009">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-009</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-009</guid> + <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate> + </item><item> + <title>Server: Improper neutralization of item names in projects feature (NC-SA-2020-008)</title> + <description>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-008">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-008</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-008</guid> + <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate> + </item><item> + <title>Server: Reflected XSS in redirect of the Updater (NC-SA-2020-007)</title> + <description>Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-007">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-007</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-007</guid> + <pubDate>Tue, 26 Mar 2019 01:00:00 +0100</pubDate> + </item><item> + <title>Server: Duplicate setup of second factor allowed (NC-SA-2020-006)</title> + <description>A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-006">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-006</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-006</guid> + <pubDate>Fri, 25 Oct 2019 02:00:00 +0200</pubDate> + </item><item> + <title>Server: Missing default timeout on HTTP requests (NC-SA-2020-005)</title> + <description>Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-005">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-005</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-005</guid> + <pubDate>Wed, 04 Sep 2019 02:00:00 +0200</pubDate> + </item><item> + <title>Android App: Bypass lock protection in Android app (NC-SA-2020-004)</title> + <description>A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-004">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-004</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-004</guid> + <pubDate>Thu, 05 Dec 2019 01:00:00 +0100</pubDate> + </item><item> + <title>iOS App: Missing sanitization in iOS App allows XSS (NC-SA-2020-003)</title> + <description>Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-003">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-003</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-003</guid> + <pubDate>Wed, 20 Nov 2019 01:00:00 +0100</pubDate> + </item><item> + <title>Server: Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</title> + <description>A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-002">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-002</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-002</guid> + <pubDate>Wed, 04 Dec 2019 01:00:00 +0100</pubDate> + </item><item> + <title>Server: 2FA sessions not properly expired on password change (NC-SA-2020-001)</title> + <description>A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2020-001">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-001</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-001</guid> + <pubDate>Mon, 01 Apr 2019 02:00:00 +0200</pubDate> + </item><item> <title>iOS App: Login and token disclosure to other Nextcloud services (NC-SA-2019-017)</title> <description>Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2019-017">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-017</link> diff --git a/advisories/full-list.php b/advisories/full-list.php index 717244f1..1412f21c 100644 --- a/advisories/full-list.php +++ b/advisories/full-list.php @@ -1,5 +1,115 @@ <hr> +<h2>2020</h2> + +<h3>Android App 3.9.1</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-004">Bypass lock protection in Android app (NC-SA-2020-004)</a> 2019-12-05</li> +</ul> + +<h3>Nextcloud Server 17.0.2</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-002">Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</a> 2019-12-04</li> +</ul> + +<h3>Nextcloud Server 16.0.7</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-002">Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</a> 2019-12-04</li> +</ul> + +<h3>Nextcloud Server 15.0.14</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-002">Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</a> 2019-12-04</li> +</ul> + +<h3>iOS App 2.25.0</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-003">Missing sanitization in iOS App allows XSS (NC-SA-2020-003)</a> 2019-11-20</li> +</ul> + +<h3>Nextcloud Server 17.0.1</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-006">Duplicate setup of second factor allowed (NC-SA-2020-006)</a> 2019-10-25</li> +</ul> + +<h3>Nextcloud Server 17.0.0</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-005">Missing default timeout on HTTP requests (NC-SA-2020-005)</a> 2019-09-04</li> +</ul> + +<h3>Nextcloud Server 16.0.4</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-008">Improper neutralization of item names in projects feature (NC-SA-2020-008)</a> 2019-07-29</li> +</ul> + +<h3>Deck App 0.6.6</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-010">Improper neutralization of item names in projects feature (NC-SA-2020-010)</a> 2019-07-29</li> +</ul> + +<h3>Talk App 6.0.4</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-011">Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)</a> 2019-07-29</li> + <li><a href="/security/advisory/?id=NC-SA-2020-009">Improper neutralization of item names in projects feature (NC-SA-2020-009)</a> 2019-07-29</li> +</ul> + +<h3>Nextcloud Server 16.0.2</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-012">Improper permission preservation on reshares (NC-SA-2020-012)</a> 2019-06-27</li> +</ul> + +<h3>Nextcloud Server 15.0.9</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-012">Improper permission preservation on reshares (NC-SA-2020-012)</a> 2019-06-27</li> +</ul> + +<h3>Nextcloud Server 14.0.13</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-012">Improper permission preservation on reshares (NC-SA-2020-012)</a> 2019-06-27</li> +</ul> + +<h3>Nextcloud Server 15.0.3</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-001">2FA sessions not properly expired on password change (NC-SA-2020-001)</a> 2019-04-01</li> +</ul> + +<h3>Nextcloud Server 14.0.7</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-001">2FA sessions not properly expired on password change (NC-SA-2020-001)</a> 2019-04-01</li> +</ul> + +<h3>Nextcloud Server 13.0.11</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-001">2FA sessions not properly expired on password change (NC-SA-2020-001)</a> 2019-04-01</li> +</ul> + +<h3>Nextcloud Server 15.0.6</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-007">Reflected XSS in redirect of the Updater (NC-SA-2020-007)</a> 2019-03-26</li> +</ul> + +<h3>Nextcloud Server 14.0.9</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-007">Reflected XSS in redirect of the Updater (NC-SA-2020-007)</a> 2019-03-26</li> +</ul> + +<h3>Nextcloud Server 14.0.4</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-013">Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</a> 2018-11-15</li> +</ul> + +<h3>Nextcloud Server 13.0.8</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-013">Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</a> 2018-11-15</li> +</ul> + +<h3>Nextcloud Server 12.0.13</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2020-013">Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</a> 2018-11-15</li> +</ul> + +<hr> + <h2>2019</h2> <h3>iOS App 2.24.0</h3> diff --git a/advisories/nc-sa-2020-001.php b/advisories/nc-sa-2020-001.php new file mode 100644 index 00000000..40f3b465 --- /dev/null +++ b/advisories/nc-sa-2020-001.php @@ -0,0 +1,36 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>2FA sessions not properly expired on password change (NC-SA-2020-001)</h2> + <p>1st April 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.6 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N">AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/384.html">Session Fixation (CWE-384)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/486693">486693</a></p> + <h3>Description</h3> + <p>A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>15.0.3</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>14.0.7</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>13.0.11</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 15.0.3.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Jackson K V (jacksonkv67@gmail.com) - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-002.php b/advisories/nc-sa-2020-002.php new file mode 100644 index 00000000..6bcfcbc3 --- /dev/null +++ b/advisories/nc-sa-2020-002.php @@ -0,0 +1,36 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</h2> + <p>4th December 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L">AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/646.html">Reliance on File Name or Extension of Externally-Supplied File (CWE-646)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/697959">697959</a></p> + <h3>Description</h3> + <p>A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>17.0.2</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>16.0.7</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>15.0.14</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 17.0.2.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Ralf Thesing - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-003.php b/advisories/nc-sa-2020-003.php new file mode 100644 index 00000000..c2ead467 --- /dev/null +++ b/advisories/nc-sa-2020-003.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Missing sanitization in iOS App allows XSS (NC-SA-2020-003)</h2> + <p>20th November 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 3.5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/116.html">Improper Encoding or Escaping of Output (CWE-116)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/575562">575562</a></p> + <h3>Description</h3> + <p>Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Ios < <strong>2.25.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the iOS App is upgraded to 2.25.0.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://noobsec.org" target="_blank" rel="noreferrer">noobsec (root@noobsec.org) - Vulnerability discovery and disclosure.</a></li><li>Wannarat C. / MisterHuntz - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-004.php b/advisories/nc-sa-2020-004.php new file mode 100644 index 00000000..f1ceff08 --- /dev/null +++ b/advisories/nc-sa-2020-004.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Bypass lock protection in Android app (NC-SA-2020-004)</h2> + <p>5th December 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.9 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N">AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/288.html">Authentication Bypass Using an Alternate Path or Channel (CWE-288)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/747726">747726</a></p> + <h3>Description</h3> + <p>A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Android < <strong>3.9.1</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Android App is upgraded to 3.9.1.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://www.facebook.com/1808arvind" target="_blank" rel="noreferrer">Arvind (ar-arvind@protonmail.com) - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-005.php b/advisories/nc-sa-2020-005.php new file mode 100644 index 00000000..d80ef6b6 --- /dev/null +++ b/advisories/nc-sa-2020-005.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Missing default timeout on HTTP requests (NC-SA-2020-005)</h2> + <p>4th September 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 4.3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L">AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/1088.html">Synchronous Access of Remote Resource without Timeout (CWE-1088)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/592864">592864</a></p> + <h3>Description</h3> + <p>Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>17.0.0</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 17.0.0.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://twitter.com/joshmdx" target="_blank" rel="noreferrer">Joshua Maddux (jdmaddux@gmail.com) - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-006.php b/advisories/nc-sa-2020-006.php new file mode 100644 index 00000000..a20ad045 --- /dev/null +++ b/advisories/nc-sa-2020-006.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Duplicate setup of second factor allowed (NC-SA-2020-006)</h2> + <p>25th October 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 4.6 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/287.html">Improper Authentication (CWE-287)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/722748">722748</a></p> + <h3>Description</h3> + <p>A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>17.0.1</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 17.0.1.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://nextcloud.com" target="_blank" rel="noreferrer">Christoph Wurst - Nextcloud GmbH - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-007.php b/advisories/nc-sa-2020-007.php new file mode 100644 index 00000000..17e4245f --- /dev/null +++ b/advisories/nc-sa-2020-007.php @@ -0,0 +1,35 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Reflected XSS in redirect of the Updater (NC-SA-2020-007)</h2> + <p>26th March 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/515484">515484</a></p> + <h3>Description</h3> + <p>Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>15.0.6</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>14.0.9</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 15.0.6.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://nstikhomirov.me/" target="_blank" rel="noreferrer">Nikita Tikhomirov - Pentest Generation (nstikhomirov@gmail.com) - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-008.php b/advisories/nc-sa-2020-008.php new file mode 100644 index 00000000..d93d748b --- /dev/null +++ b/advisories/nc-sa-2020-008.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper neutralization of item names in projects feature (NC-SA-2020-008)</h2> + <p>29th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation (CWE-79)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/662204">662204</a></p> + <h3>Description</h3> + <p>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>16.0.4</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 16.0.4.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://security-consulting.icu/" target="_blank" rel="noreferrer">Tim Coen - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-009.php b/advisories/nc-sa-2020-009.php new file mode 100644 index 00000000..692fb556 --- /dev/null +++ b/advisories/nc-sa-2020-009.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper neutralization of item names in projects feature (NC-SA-2020-009)</h2> + <p>29th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation (CWE-79)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/662204">662204</a></p> + <h3>Description</h3> + <p>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Talk < <strong>6.0.4</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Talk is upgraded to 6.0.4.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://security-consulting.icu/" target="_blank" rel="noreferrer">Tim Coen - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-010.php b/advisories/nc-sa-2020-010.php new file mode 100644 index 00000000..52d09da8 --- /dev/null +++ b/advisories/nc-sa-2020-010.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper neutralization of item names in projects feature (NC-SA-2020-010)</h2> + <p>29th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation (CWE-79)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/662204">662204</a></p> + <h3>Description</h3> + <p>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Deck < <strong>0.6.6</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Deck is upgraded to 0.6.6.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://security-consulting.icu/" target="_blank" rel="noreferrer">Tim Coen - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-011.php b/advisories/nc-sa-2020-011.php new file mode 100644 index 00000000..ccc5648c --- /dev/null +++ b/advisories/nc-sa-2020-011.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)</h2> + <p>29th July 2019</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/284.html">Improper Access Control (CWE-284)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/662218">662218</a></p> + <h3>Description</h3> + <p>Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Talk < <strong>6.0.4</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Talk 6.0.3 is upgraded to 6.0.4.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://security-consulting.icu/" target="_blank" rel="noreferrer">Tim Coen - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-012.php b/advisories/nc-sa-2020-012.php new file mode 100644 index 00000000..2d8ef46b --- /dev/null +++ b/advisories/nc-sa-2020-012.php @@ -0,0 +1,36 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Improper permission preservation on reshares (NC-SA-2020-012)</h2> + <p>27th June 2019</p> + <p>Risk level: <strong>Medium</strong></p> + <p>CVSS v3 Base Score: 6.4 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H">AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/281.html">Improper Preservation of Permissions (CWE-281)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/619484">619484</a></p> + <h3>Description</h3> + <p>Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>16.0.2</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>15.0.9</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>14.0.13</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 16.0.2.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://jankaritech.com" target="_blank" rel="noreferrer">Phil Davis - JankariTech Pvt Ltd (phil@jankaritech.com) - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2020-013.php b/advisories/nc-sa-2020-013.php new file mode 100644 index 00000000..4b26a805 --- /dev/null +++ b/advisories/nc-sa-2020-013.php @@ -0,0 +1,36 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</h2> + <p>15th November 2018</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 4.8 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N">AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/281.html">Improper Preservation of Permissions (CWE-281)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/439828">439828</a></p> + <h3>Description</h3> + <p>Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>14.0.4</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>13.0.8</strong> (CVE assignment pending)</li> +<li>Nextcloud Server < <strong>12.0.13</strong> (CVE assignment pending)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 14.0.4.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>NA - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> |