github.com/nextcloud/nextcloud.com.git
author Lukas Reschke <lukas@statuscode.ch> 2017-05-06 15:44:43 +0300
committer Lukas Reschke <lukas@statuscode.ch> 2017-05-06 15:44:43 +0300
commit 5e50ece13dbe54219457cbe3e7e0d8c2b1de2897
tree 878eaefd7b041e0d323b4f8358d1a8b67e263f1c /advisories
parent 3c9284b38634d5789e12d59a10dd66da50fd463d
Add new advisories and adjust CVE identifiers
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'advisories')
-rw-r--r-- advisories/advisories.rss 36
-rw-r--r-- advisories/advisory-side.php 13
-rw-r--r-- advisories/nc-sa-2017-001.php 4
-rw-r--r-- advisories/nc-sa-2017-002.php 4
-rw-r--r-- advisories/nc-sa-2017-003.php 4
-rw-r--r-- advisories/nc-sa-2017-004.php 4
-rw-r--r-- advisories/nc-sa-2017-005.php 4
-rw-r--r-- advisories/nc-sa-2017-006.php 4
-rw-r--r-- advisories/nc-sa-2017-007.php 37
-rw-r--r-- advisories/nc-sa-2017-008.php 40
-rw-r--r-- advisories/nc-sa-2017-009.php 37
-rw-r--r-- advisories/nc-sa-2017-010.php 40
-rw-r--r-- advisories/nc-sa-2017-011.php 37
-rw-r--r-- advisories/nc-sa-2017-012.php 38
-rw-r--r-- advisories/server-list-part.php 18
15 files changed, 300 insertions, 20 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss
index 19c28a31..303b69ae 100644
--- a/advisories/advisories.rss
+++ b/advisories/advisories.rss
@@ -5,6 +5,42 @@
<link>https://nextcloud.com/security/advisories/</link>
<description>The Nextcloud security advisories as a RSS feed</description>
<ttl>1800</ttl><item>
+ <title>Server: Share tokens for public calendars disclosed (nC-SA-2017-012)</title>
+ <description>&lt;p&gt;A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and adressbook has been disclosed.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-012&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-012</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-012</guid>
+ <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: Share tokens for public calendars disclosed (nC-SA-2017-011)</title>
+ <description>&lt;p&gt;A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-011</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-011</guid>
+ <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: Stored XSS in Gallery application (nC-SA-2017-010)</title>
+ <description>&lt;p&gt;A JavaScript library used by Nextcloud for sanitizing untrusted user-input suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2.&lt;/p&gt;&lt;p&gt;Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-010</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-010</guid>
+ <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: Limitation of app specific password scope can be bypassed (nC-SA-2017-009)</title>
+ <description>&lt;p&gt;Improper session handling allowed an application specific password without permission to the files access to the users file.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-009</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-009</guid>
+ <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: Reflected XSS in error pages (nC-SA-2017-008)</title>
+ <description>&lt;p&gt;Inadequate escaping of error messages leads to XSS vulnerabilities in multiple components.&lt;/p&gt;&lt;p&gt;Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-008</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-008</guid>
+ <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
+ </item><item>
+ <title>Server: DOM XSS vulnerability in search dialogue (nC-SA-2017-007)</title>
+ <description>&lt;p&gt;Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+ <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-007</link>
+ <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-007</guid>
+ <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
+ </item><item>
<title>Server: Content-Spoofing in &quot;files&quot; app (nC-SA-2017-006)</title>
<description>&lt;p&gt;The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
<link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-006</link>
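Review bot: All six added items carry the pubDate "Mon, 08 May 2017 14:00:00 +0200", while the commit itself is dated 2017-05-06. If this repository is deployed on push, the feed entries and the new advisory pages become readable before the stated publication time. Please confirm the change is held back until then, or that the fixed releases listed in the advisories are already available.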
diff --git a/advisories/advisory-side.php b/advisories/advisory-side.php
index 0cc69511..4a1b1521 100644
--- a/advisories/advisory-side.php
+++ b/advisories/advisory-side.php
@@ -1,7 +1,6 @@
-<br/><p>Nextcloud server 10.0.2</p>
-<a href="/security/advisory/?id=nc-sa-2017-001">Permission increase on re-sharing via OCS API</a><br/>
-<a href="/security/advisory/?id=nc-sa-2017-002">Creation of folders in read-only folders despite lacking permissions</a><br/>
-<a href="/security/advisory/?id=nc-sa-2017-003">Error message discloses existence of file in write-only share</a><br/>
-<a href="/security/advisory/?id=nc-sa-2017-004">Denial of Service attack</a><br/>
-<a href="/security/advisory/?id=nc-sa-2017-005">Bypassing quota limitation</a><br/>
-<a href="/security/advisory/?id=nc-sa-2017-006">Content-Spoofing in "files" app</a><br/>
+<br/><p>Nextcloud server 11.0.3</p>
+<a href="/security/advisory/?id=nc-sa-2017-007">DOM XSS vulnerability in search dialogue</a><br/>
+<a href="/security/advisory/?id=nc-sa-2017-008">Reflected XSS in error pages</a><br/>
+<a href="/security/advisory/?id=nc-sa-2017-009">Limitation of app specific password scope can be bypassed</a><br/>
+<a href="/security/advisory/?id=nc-sa-2017-010">Stored XSS in Gallery application</a><br/>
+<a href="/security/advisory/?id=nc-sa-2017-011">Share tokens for public calendars disclosed</a><br/>
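Review bot: The sidebar now lists only nc-sa-2017-007 to nc-sa-2017-011 under "Nextcloud server 11.0.3", but nc-sa-2017-012.php, added in this same commit, also pulls in this template through get_template_part('advisories/advisory-side') and is neither listed here nor an 11.0.3 fix (its Affected Software section names 11.0.2 and 10.0.4). A reader of that page gets a sidebar for a different release that does not link back to the advisory being read. Consider adding an 11.0.2 block containing nc-sa-2017-012, or choosing the sidebar contents per advisory.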
diff --git a/advisories/nc-sa-2017-001.php b/advisories/nc-sa-2017-001.php
index ec6bdfdb..70bd0109 100644
--- a/advisories/nc-sa-2017-001.php
+++ b/advisories/nc-sa-2017-001.php
@@ -21,8 +21,8 @@
</p>
<h3>Affected Software</h3>
<ul>
- <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE assignment pending)</li>
-<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE assignment pending)</li>
+ <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE-2017-0883)</li>
+<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE-2017-0883)</li>
</ul>
<h3>Action Taken</h3>
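Review bot: Both replaced <li> lines keep the uneven indentation of the lines they replace: the 10.0.2 entry is indented and the 9.0.55 entry starts at the first column. Since every list line is being rewritten here and in nc-sa-2017-002.php through nc-sa-2017-006.php, this is a cheap moment to align them.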
diff --git a/advisories/nc-sa-2017-002.php b/advisories/nc-sa-2017-002.php
index 4729dbf4..731bcc2c 100644
--- a/advisories/nc-sa-2017-002.php
+++ b/advisories/nc-sa-2017-002.php
@@ -21,8 +21,8 @@
</p>
<h3>Affected Software</h3>
<ul>
- <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE assignment pending)</li>
-<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE assignment pending)</li>
+ <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE-2017-0884)</li>
+<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE-2017-0884)</li>
</ul>
<h3>Action Taken</h3>
diff --git a/advisories/nc-sa-2017-003.php b/advisories/nc-sa-2017-003.php
index 9e49cb47..d2e9475b 100644
--- a/advisories/nc-sa-2017-003.php
+++ b/advisories/nc-sa-2017-003.php
@@ -20,8 +20,8 @@
</p>
<h3>Affected Software</h3>
<ul>
- <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE assignment pending)</li>
-<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE assignment pending)</li>
+ <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE-2017-0885)</li>
+<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE-2017-0885)</li>
</ul>
<h3>Action Taken</h3>
diff --git a/advisories/nc-sa-2017-004.php b/advisories/nc-sa-2017-004.php
index b19760ce..b4766f3e 100644
--- a/advisories/nc-sa-2017-004.php
+++ b/advisories/nc-sa-2017-004.php
@@ -20,8 +20,8 @@
</p>
<h3>Affected Software</h3>
<ul>
- <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE assignment pending)</li>
-<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE assignment pending)</li>
+ <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE-2017-0886)</li>
+<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE-2017-0886)</li>
</ul>
<h3>Action Taken</h3>
diff --git a/advisories/nc-sa-2017-005.php b/advisories/nc-sa-2017-005.php
index bfd20c2d..f4f5c05c 100644
--- a/advisories/nc-sa-2017-005.php
+++ b/advisories/nc-sa-2017-005.php
@@ -20,8 +20,8 @@
</p>
<h3>Affected Software</h3>
<ul>
- <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE assignment pending)</li>
-<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE assignment pending)</li>
+ <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE-2017-0887)</li>
+<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE-2017-0887)</li>
</ul>
<h3>Action Taken</h3>
diff --git a/advisories/nc-sa-2017-006.php b/advisories/nc-sa-2017-006.php
index 6519ab31..d1ab25b3 100644
--- a/advisories/nc-sa-2017-006.php
+++ b/advisories/nc-sa-2017-006.php
@@ -20,8 +20,8 @@
</p>
<h3>Affected Software</h3>
<ul>
- <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE assignment pending)</li>
-<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE assignment pending)</li>
+ <li>Nextcloud Server &lt; <strong>10.0.2</strong> (CVE-2017-0888)</li>
+<li>Nextcloud Server &lt; <strong>9.0.55</strong> (CVE-2017-0888)</li>
</ul>
<h3>Action Taken</h3>
diff --git a/advisories/nc-sa-2017-007.php b/advisories/nc-sa-2017-007.php
new file mode 100644
index 00000000..c0883209
--- /dev/null
+++ b/advisories/nc-sa-2017-007.php
@@ -0,0 +1,37 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-4">
+ <?php get_template_part('advisories/advisory-side'); ?>
+ </div>
+ <div class="col-md-8">
+ <h2>DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</h2>
+ <p>8th May 2017</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 2.6 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/213227">213227</a></p>
+ <h3>Description</h3>
+ <p><p>Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>11.0.3</strong> (CVE assignment pending)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The content is now properly escaped, furthermore for Nextcloud 12 we have <a href="https://statuscode.ch/2017/03/CSP-unsafe-eval-and-jquery/">hardened jQuery</a> to prevent such CSP bypasses.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>Ahsan Khan - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
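Review bot: Under Action Taken, "to prevent such CSP bypasses" refers to a bypass that the Description never mentions. NC-SA-2017-008 and NC-SA-2017-010 both state that the Content-Security-Policy prevents exploitation on modern browsers, and this advisory says nothing either way. Please state in the Description whether the CSP stopped this issue, so readers can judge the Low rating. Wording in the same paragraph: "lead to XSS vulnerability" should be "led to an XSS vulnerability", and "an user" should be "a user".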
diff --git a/advisories/nc-sa-2017-008.php b/advisories/nc-sa-2017-008.php
new file mode 100644
index 00000000..d16b7fa0
--- /dev/null
+++ b/advisories/nc-sa-2017-008.php
@@ -0,0 +1,40 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-4">
+ <?php get_template_part('advisories/advisory-side'); ?>
+ </div>
+ <div class="col-md-8">
+ <h2>Reflected XSS in error pages (NC-SA-2017-008)</h2>
+ <p>8th May 2017</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3.5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/216812">216812</a></p>
+ <h3>Description</h3>
+ <p><p>Inadequate escaping of error messages leads to XSS vulnerabilities in multiple components.</p>
+<p>Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>11.0.3</strong> (CVE assignment pending)</li>
+<li>Nextcloud Server &lt; <strong>10.0.5</strong> (CVE assignment pending)</li>
+<li>Nextcloud Server &lt; <strong>9.0.58</strong> (CVE assignment pending)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>Error messages are now properly escaped.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li><a href="https://twitter.com/sinkmanu" target="_blank" rel="noreferrer">Manuel Mancera - Vulnerability discovery and disclosure.</a></li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
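Review bot: The Description and Action Taken blocks open with "<p><p>" and end with a stray "</p>" on the following line. A p element cannot contain another p, so browsers close the outer one early and render an extra empty paragraph. The same pattern appears in all six new advisory files, which suggests it comes from the generating template; dropping the outer <p> there fixes all of them. In Acknowledgements, the link wraps the name together with "- Vulnerability discovery and disclosure.", whereas nc-sa-2017-007.php leaves that role text unlinked; linking only the name would be consistent.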
diff --git a/advisories/nc-sa-2017-009.php b/advisories/nc-sa-2017-009.php
new file mode 100644
index 00000000..7c979955
--- /dev/null
+++ b/advisories/nc-sa-2017-009.php
@@ -0,0 +1,37 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-4">
+ <?php get_template_part('advisories/advisory-side'); ?>
+ </div>
+ <div class="col-md-8">
+ <h2>Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</h2>
+ <p>8th May 2017</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N">AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/285.html">Improper Authorization (CWE-285)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/191979">191979</a></p>
+ <h3>Description</h3>
+ <p><p>Improper session handling allowed an application specific password without permission to the files access to the users file.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>11.0.3</strong> (CVE assignment pending)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The permission check has been corrected and reviewed.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>Mmakosdel - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
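Review bot: The Description sentence does not parse: "allowed an application specific password without permission to the files access to the users file". Going by the heading, the intended meaning seems to be that an app-specific password that was not granted file access could still reach the user's files; please reword it so the impact is unambiguous. The base score is written "3" here while the other advisories use one decimal ("2.6", "3.5"); "3.0" would be consistent.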
diff --git a/advisories/nc-sa-2017-010.php b/advisories/nc-sa-2017-010.php
new file mode 100644
index 00000000..76f1a168
--- /dev/null
+++ b/advisories/nc-sa-2017-010.php
@@ -0,0 +1,40 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-4">
+ <?php get_template_part('advisories/advisory-side'); ?>
+ </div>
+ <div class="col-md-8">
+ <h2>Stored XSS in Gallery application (NC-SA-2017-010)</h2>
+ <p>8th May 2017</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N">AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/222838">222838</a></p>
+ <h3>Description</h3>
+ <p><p>A JavaScript library used by Nextcloud for sanitizing untrusted user-input suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2.</p>
+<p>Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>11.0.3</strong> (CVE assignment pending)</li>
+<li>Nextcloud Server &lt; <strong>10.0.5</strong> (CVE assignment pending)</li>
+<li>Nextcloud Server &lt; <strong>9.0.58</strong> (CVE assignment pending)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The vulnerable library has been updated.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>Lukas Reschke - Nextcloud GmbH (lukas@nextcloud.com) - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
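Review bot: The heading says "Stored XSS in Gallery application", but the Description only talks about a JavaScript sanitizing library and never mentions Gallery or how it uses that library, and Action Taken says "The vulnerable library has been updated" without naming the library or the version it was updated to. Administrators who ship or audit the same library elsewhere cannot act on this; please name the library and say where Gallery relies on it.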
diff --git a/advisories/nc-sa-2017-011.php b/advisories/nc-sa-2017-011.php
new file mode 100644
index 00000000..3f1e0165
--- /dev/null
+++ b/advisories/nc-sa-2017-011.php
@@ -0,0 +1,37 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-4">
+ <?php get_template_part('advisories/advisory-side'); ?>
+ </div>
+ <div class="col-md-8">
+ <h2>Share tokens for public calendars disclosed (NC-SA-2017-011)</h2>
+ <p>8th May 2017</p>
+ <p>Risk level: <strong>Medium</strong></p>
+ <p>CVSS v3 Base Score: 4.3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/548.html">Information Exposure Through Directory Listing (CWE-548)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/218876">218876</a></p>
+ <h3>Description</h3>
+ <p><p>A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>11.0.3</strong> (CVE assignment pending)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The error has been fixed and regression tests been added.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li>Lukas Reschke - Nextcloud GmbH (lukas@nextcloud.com) - Vulnerability discovery and disclosure.</li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
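Review bot: The CWE line classifies this as "Information Exposure Through Directory Listing (CWE-548)", while the Description speaks of a logical error that disclosed share tokens. If no directory listing was involved, a more general information-exposure or authorization CWE would describe it better; please check the mapping. The second Description sentence, starting "Thus granting an attacker potentially access", is a fragment, and "regression tests been added" is missing "have".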
diff --git a/advisories/nc-sa-2017-012.php b/advisories/nc-sa-2017-012.php
new file mode 100644
index 00000000..5263acb0
--- /dev/null
+++ b/advisories/nc-sa-2017-012.php
@@ -0,0 +1,38 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+ <h1>Security Advisory</h1>
+ <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+ <div class="col-md-4">
+ <?php get_template_part('advisories/advisory-side'); ?>
+ </div>
+ <div class="col-md-8">
+ <h2>Share tokens for public calendars disclosed (NC-SA-2017-012)</h2>
+ <p>8th May 2017</p>
+ <p>Risk level: <strong>Low</strong></p>
+ <p>CVSS v3 Base Score: 3.5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N</a>)</p>
+ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/548.html">Information Exposure Through Directory Listing (CWE-548)</a></p>
+ <p>HackerOne report: <a href="https://hackerone.com/reports/203594">203594</a></p>
+ <h3>Description</h3>
+ <p><p>A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and adressbook has been disclosed.</p>
+</p>
+ <h3>Affected Software</h3>
+ <ul>
+ <li>Nextcloud Server &lt; <strong>11.0.2</strong> (CVE assignment pending)</li>
+<li>Nextcloud Server &lt; <strong>10.0.4</strong> (CVE assignment pending)</li>
+
+ </ul>
+ <h3>Action Taken</h3>
+ <p><p>The error has been fixed and regression tests been added.</p>
+</p>
+ <h3>Acknowledgements</h3>
+ <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+ <ul>
+ <li><a href="https://juliushaertl.de" target="_blank" rel="noreferrer">Julius Härtl - Vulnerability discovery and disclosure.</a></li>
+ </ul>
+ <br/>
+ <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+ </div>
+</div>
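Review bot: The <h2> reads "Share tokens for public calendars disclosed", identical to NC-SA-2017-011, but the Description is about calendar and addressbook names being disclosed to other logged-in users. The same title is used for this advisory in advisories.rss and in server-list-part.php, so readers of the feed and the version list cannot tell the two advisories apart. Please give it a title that matches the description in all three places. In the second Description sentence, "adressbook" should be "addressbook".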
diff --git a/advisories/server-list-part.php b/advisories/server-list-part.php
index 5073f8d2..6faf863f 100644
--- a/advisories/server-list-part.php
+++ b/advisories/server-list-part.php
@@ -1,4 +1,17 @@
-<p>Version 10.0.2</p>
+<p>Version 11.0.3</p>
+<a href="/security/advisory/?id=nc-sa-2017-007">DOM XSS vulnerability in search dialogue</a><br>
+<a href="/security/advisory/?id=nc-sa-2017-008">Reflected XSS in error pages</a><br>
+<a href="/security/advisory/?id=nc-sa-2017-009">Limitation of app specific password scope can be bypassed</a><br>
+<a href="/security/advisory/?id=nc-sa-2017-010">Stored XSS in Gallery application</a><br>
+<a href="/security/advisory/?id=nc-sa-2017-011">Share tokens for public calendars disclosed</a><br>
+<br/><p>Version 11.0.2</p>
+<a href="/security/advisory/?id=nc-sa-2017-012">Share tokens for public calendars disclosed</a><br>
+<br/><p>Version 10.0.5</p>
+<a href="/security/advisory/?id=nc-sa-2017-008">Reflected XSS in error pages</a><br>
+<a href="/security/advisory/?id=nc-sa-2017-010">Stored XSS in Gallery application</a><br>
+<br/><p>Version 10.0.4</p>
+<a href="/security/advisory/?id=nc-sa-2017-012">Share tokens for public calendars disclosed</a><br>
+<br/><p>Version 10.0.2</p>
<a href="/security/advisory/?id=nc-sa-2017-001">Permission increase on re-sharing via OCS API</a><br>
<a href="/security/advisory/?id=nc-sa-2017-002">Creation of folders in read-only folders despite lacking permissions</a><br>
<a href="/security/advisory/?id=nc-sa-2017-003">Error message discloses existence of file in write-only share</a><br>
@@ -13,6 +26,9 @@
<a href="/security/advisory/?id=nc-sa-2016-011">Content-Spoofing in "dav" app</a><br>
<br/><p>Version 10.0.0</p>
<a href="/security/advisory/?id=nc-sa-2016-007">Improper authorization check on removing shares</a><br>
+<br/><p>Version 9.0.58</p>
+<a href="/security/advisory/?id=nc-sa-2017-008">Reflected XSS in error pages</a><br>
+<a href="/security/advisory/?id=nc-sa-2017-010">Stored XSS in Gallery application</a><br>
<br/><p>Version 9.0.55</p>
<a href="/security/advisory/?id=nc-sa-2017-001">Permission increase on re-sharing via OCS API</a><br>
<a href="/security/advisory/?id=nc-sa-2017-002">Creation of folders in read-only folders despite lacking permissions</a><br>