diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2021-03-01 15:36:10 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-01 15:36:10 +0300 |
| commit | 2c5ee5a6fd62ad74b93203ff9e459b40a002859a (patch) | |
| tree | 912107cf1d228a62cadb60dac5d5c7f12519aea4 /advisories | |
| parent | 656b0d52abbe75c7bfb7f9307f2ee3fe6a00dfb7 (diff) | |
Publish advisories of february (#1460)
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'advisories')
| -rw-r--r-- | advisories/advisories.rss | 24 | ||||
| -rw-r--r-- | advisories/full-list.php | 12 | ||||
| -rw-r--r-- | advisories/nc-sa-2021-004.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2021-005.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2021-006.php | 34 | ||||
| -rw-r--r-- | advisories/nc-sa-2021-007.php | 34 |
6 files changed, 172 insertions, 0 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss index ea7bc016..2fd9b936 100644 --- a/advisories/advisories.rss +++ b/advisories/advisories.rss @@ -5,6 +5,30 @@ <link>https://nextcloud.com/security/advisories/</link> <description>The Nextcloud security advisories as a RSS feed</description> <ttl>1800</ttl><item> + <title>Deck App: New users can read all Nextcloud Deck data from previous user with same username (NC-SA-2021-007)</title> + <description>A logic error in Nextcloud Deck 1.0.1 allowed new users with a duplicate user identifier to use deck data of a previous deleted user.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2021-007">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-007</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-007</guid> + <pubDate>Wed, 03 Jun 2020 12:00:00 +0200</pubDate> + </item><item> + <title>Server: External storage app saves password for all users in the database (NC-SA-2021-006)</title> + <description>A missing condition in Nextcloud Server 19 and prior caused the external storage app to always store the users password in a recoverable format.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2021-006">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-006</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-006</guid> + <pubDate>Sat, 03 Oct 2020 12:00:00 +0200</pubDate> + </item><item> + <title>Server: Reflected XSS when renaming malicious file (NC-SA-2021-005)</title> + <description>Missing sanitization in Nextcloud Server 20.0.5 and prior allowed to perform a reflected XSS when saving html as file name and causing an error on rename e.g. by renaming to an existing file. The risk is mostly mitigated due to the strict Content-Security-Policy (CSP) of Nextcloud, and thus mainly targets browsers not supporting CSP such as Internet Explorer.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2021-005">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-005</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-005</guid> + <pubDate>Mon, 25 Jan 2021 12:00:00 +0100</pubDate> + </item><item> + <title>Server: External storage credentials stored for wrong user (NC-SA-2021-004)</title> + <description>A missing user check in Nextcloud 20.0.5 and prior allowed to populate your own credentials for other users external storage configuration when they did not configure one yet.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2021-004">For more information please consult the official advisory.</a></strong></p></description> + <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-004</link> + <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-004</guid> + <pubDate>Mon, 25 Jan 2021 12:00:00 +0100</pubDate> + </item><item> <title>Server: Denial of Service by requesting to reset a password (NC-SA-2021-003)</title> <description>A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.<br/><hr/><p><strong><a href="https://nextcloud.com/security/advisory/?id=nC-SA-2021-003">For more information please consult the official advisory.</a></strong></p></description> <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-003</link> diff --git a/advisories/full-list.php b/advisories/full-list.php index 07a05111..0501b5d0 100644 --- a/advisories/full-list.php +++ b/advisories/full-list.php @@ -2,6 +2,12 @@ <h2>2021</h2> +<h3>Nextcloud Server 20.0.6</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2021-005">Reflected XSS when renaming malicious file (NC-SA-2021-005)</a> 2021-01-25</li> + <li><a href="/security/advisory/?id=NC-SA-2021-004">External storage credentials stored for wrong user (NC-SA-2021-004)</a> 2021-01-25</li> +</ul> + <h3>Nextcloud Server 20.0.2</h3> <ul> <li><a href="/security/advisory/?id=NC-SA-2021-002">Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</a> 2020-11-18</li> @@ -22,9 +28,15 @@ <h3>Nextcloud Server 20.0.0</h3> <ul> + <li><a href="/security/advisory/?id=NC-SA-2021-006">External storage app saves password for all users in the database (NC-SA-2021-006)</a> 2020-10-03</li> <li><a href="/security/advisory/?id=NC-SA-2021-003">Denial of Service by requesting to reset a password (NC-SA-2021-003)</a> 2020-10-03</li> </ul> +<h3>Deck App 1.0.2</h3> +<ul> + <li><a href="/security/advisory/?id=NC-SA-2021-007">New users can read all Nextcloud Deck data from previous user with same username (NC-SA-2021-007)</a> 2020-06-03</li> +</ul> + <hr> <h2>2020</h2> diff --git a/advisories/nc-sa-2021-004.php b/advisories/nc-sa-2021-004.php new file mode 100644 index 00000000..dbf33842 --- /dev/null +++ b/advisories/nc-sa-2021-004.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>External storage credentials stored for wrong user (NC-SA-2021-004)</h2> + <p>25th January 2021</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 8.7 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N">AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/284.html">Improper Access Control - Generic (CWE-284)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/1061591">1061591</a></p> + <h3>Description</h3> + <p>A missing user check in Nextcloud 20.0.5 and prior allowed to populate your own credentials for other users external storage configuration when they did not configure one yet.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>20.0.6</strong> (CVE-2021-22877)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 20.0.6.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://hofstaetter.io" target="_blank" rel="noreferrer">Alexander Hofstätter - Hofstätter IT GmbH - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2021-005.php b/advisories/nc-sa-2021-005.php new file mode 100644 index 00000000..97ff3db2 --- /dev/null +++ b/advisories/nc-sa-2021-005.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>Reflected XSS when renaming malicious file (NC-SA-2021-005)</h2> + <p>25th January 2021</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L">AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Cross-site Scripting (XSS) - Reflected (CWE-79)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/896522">896522</a></p> + <h3>Description</h3> + <p>Missing sanitization in Nextcloud Server 20.0.5 and prior allowed to perform a reflected XSS when saving html as file name and causing an error on rename e.g. by renaming to an existing file. The risk is mostly mitigated due to the strict Content-Security-Policy (CSP) of Nextcloud, and thus mainly targets browsers not supporting CSP such as Internet Explorer.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>20.0.6</strong> (CVE-2021-22878)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 20.0.6.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://www.fortiguard.com/" target="_blank" rel="noreferrer">Zhouyuan Yang - Fortinet - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2021-006.php b/advisories/nc-sa-2021-006.php new file mode 100644 index 00000000..141e994e --- /dev/null +++ b/advisories/nc-sa-2021-006.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>External storage app saves password for all users in the database (NC-SA-2021-006)</h2> + <p>3rd October 2020</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L">AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/257.html">Storing Passwords in a Recoverable Format (CWE-257)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/867164">867164</a></p> + <h3>Description</h3> + <p>A missing condition in Nextcloud Server 19 and prior caused the external storage app to always store the users password in a recoverable format.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Server < <strong>20.0.0</strong> (CVE-2020-8296)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed. Incorrectly stored passwords have been automatically cleaned-up from your database.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Server is upgraded to 20.0.0.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li>Anderson Luiz Alves (alacn1@gmail.com) - Vulnerability discovery and disclosure.</li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> diff --git a/advisories/nc-sa-2021-007.php b/advisories/nc-sa-2021-007.php new file mode 100644 index 00000000..ea79bf79 --- /dev/null +++ b/advisories/nc-sa-2021-007.php @@ -0,0 +1,34 @@ +<div class="row page-content-header"> +<div class="col-md-12"> + <h1>Security Advisory</h1> + <a href="/security/advisories/">Back to advisories</a> +</div> +</div> +<div class="row"> + <div class="col-md-12"> + <h2>New users can read all Nextcloud Deck data from previous user with same username (NC-SA-2021-007)</h2> + <p>3rd June 2020</p> + <p>Risk level: <strong>Low</strong></p> + <p>CVSS v3 Base Score: 5.1 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L">AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L</a>)</p> + <p>CWE: <a href="https://cwe.mitre.org/data/definitions/639.html">Insecure Direct Object Reference (IDOR) (CWE-639)</a></p> + <p>HackerOne report: <a href="https://hackerone.com/reports/882258">882258</a></p> + <h3>Description</h3> + <p>A logic error in Nextcloud Deck 1.0.1 allowed new users with a duplicate user identifier to use deck data of a previous deleted user.</p> + <h3>Affected Software</h3> + <ul> + <li>Nextcloud Deck < <strong>1.0.2</strong> (CVE-2020-8297)</li> + + </ul> + <h3>Action Taken</h3> + <p>The error has been fixed.</p> + <h3>Resolution</h3> + <p>It is recommended that the Nextcloud Deck is upgraded to 1.0.2.</p> + <h3>Acknowledgements</h3> + <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> + <ul> + <li><a href="https://www.niedermann.it" target="_blank" rel="noreferrer">Stefan Niedermann - Niedermann IT-Dienstleistungen (info@niedermann.it) - Vulnerability discovery and disclosure.</a></li> + </ul> + <br/> + <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small> + </div> +</div> |