
github.com/nextcloud/nextcloud.com.git - Unnamed repository; edit this file 'description' to name the repository.
author: Lukas Reschke <lukas@statuscode.ch> 2021-06-01 14:17:10 +0300
committer: GitHub <noreply@github.com> 2021-06-01 14:17:10 +0300
commit: 890542103f935dd003f53cc6b8e7058997be9f98
tree: b8e94bf065d742b02a9d9e9bcaf3edb74aa5175e /advisories
parent: 33995e9778cc7c08524619e8d79dc94ebb9e773f
Move security advisories to GitHub (#1488)
* Move security advisories to GitHub

The advisory process takes quite some time at the moment, and I'd like to save time on that. What does this change mean:

1. Someone opening http://nextcloud.com/security/advisories/ will be redirected to the GitHub advisories page
2. The old advisories will still all be accessible.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

* Close PHP tag

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'advisories')
-rw-r--r--  advisories/advisories.rss  663
-rw-r--r--  advisories/full-list.php   688
2 files changed, 0 insertions, 1351 deletions
diff --git a/advisories/advisories.rss b/advisories/advisories.rss
deleted file mode 100644
index aea0d5fd..00000000
--- a/advisories/advisories.rss
+++ /dev/null
@@ -1,663 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
-<channel>
- <title>Nextcloud Security Advisories RSS Feed</title>
- <link>https://nextcloud.com/security/advisories/</link>
- <description>The Nextcloud security advisories as a RSS feed</description>
- <ttl>1800</ttl><item>
- <title>Desktop Client: Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)</title>
- <description>Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-008</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-008</guid>
- <pubDate>Wed, 24 Feb 2021 12:00:00 +0100</pubDate>
- </item><item>
- <title>Deck App: New users can read all Nextcloud Deck data from previous user with same username (NC-SA-2021-007)</title>
- <description>A logic error in Nextcloud Deck 1.0.1 allowed new users with a duplicate user identifier to use deck data of a previous deleted user.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-007</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-007</guid>
- <pubDate>Wed, 03 Jun 2020 12:00:00 +0200</pubDate>
- </item><item>
- <title>Server: External storage app saves password for all users in the database (NC-SA-2021-006)</title>
- <description>A missing condition in Nextcloud Server 19 and prior caused the external storage app to always store the users password in a recoverable format.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-006</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-006</guid>
- <pubDate>Sat, 03 Oct 2020 12:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Reflected XSS when renaming malicious file (NC-SA-2021-005)</title>
- <description>Missing sanitization in Nextcloud Server 20.0.5 and prior allowed to perform a reflected XSS when saving html as file name and causing an error on rename e.g. by renaming to an existing file. The risk is mostly mitigated due to the strict Content-Security-Policy (CSP) of Nextcloud, and thus mainly targets browsers not supporting CSP such as Internet Explorer.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-005</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-005</guid>
- <pubDate>Mon, 25 Jan 2021 12:00:00 +0100</pubDate>
- </item><item>
- <title>Server: External storage credentials stored for wrong user (NC-SA-2021-004)</title>
- <description>A missing user check in Nextcloud 20.0.5 and prior allowed to populate your own credentials for other users external storage configuration when they did not configure one yet.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-004</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-004</guid>
- <pubDate>Mon, 25 Jan 2021 12:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Denial of Service by requesting to reset a password (NC-SA-2021-003)</title>
- <description>A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-003</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-003</guid>
- <pubDate>Sat, 03 Oct 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</title>
- <description>A missing link validation in Nextcloud Server 20.0.1 allowed to execute a stored XSS attack on Internet Explorer users by saving a javascript url in a Markdown.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-002</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-002</guid>
- <pubDate>Wed, 18 Nov 2020 13:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</title>
- <description>A missing input validation in Nextcloud Server 20.0.1 allowed users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2021-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2021-001</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2021-001</guid>
- <pubDate>Wed, 18 Nov 2020 13:00:00 +0100</pubDate>
- </item><item>
- <title>Contacts App: XSS through image upload of contacts using svg file (NC-SA-2020-045)</title>
- <description>A missing file type check in Nextcloud Contacts 3.3.0 allowed a malicious user to upload malicious SVG files to perform XSS attacks.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-045&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-045</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-045</guid>
- <pubDate>Tue, 20 Oct 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Contacts App: XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044)</title>
- <description>A missing file type check in Nextcloud Contacts 3.4.0 allowed a malicious user to upload SVG files as PNG files to perform XSS attacks.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-044&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-044</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-044</guid>
- <pubDate>Tue, 20 Oct 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Social App: Social App does not validate server certificates for outgoing connections (NC-SA-2020-043)</title>
- <description>Missing validation of server certificates for out-going connections allowed a man-in-the-middle attack.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-043&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-043</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-043</guid>
- <pubDate>Thu, 15 Oct 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Social App: Improper access control to messages of Social app (NC-SA-2020-042)</title>
- <description>Improper access control in Social app 0.3.1 allowed to read posts of any user.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-042&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-042</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-042</guid>
- <pubDate>Thu, 15 Oct 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper integrity protection of server-side encryption keys (NC-SA-2020-041)</title>
- <description>Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-041&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-041</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-041</guid>
- <pubDate>Sat, 03 Oct 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)</title>
- <description>Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-040&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-040</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-040</guid>
- <pubDate>Sat, 03 Oct 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)</title>
- <description>A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-039&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-039</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-039</guid>
- <pubDate>Wed, 26 Aug 2020 02:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)</title>
- <description>A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-038&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-038</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-038</guid>
- <pubDate>Wed, 26 Aug 2020 02:00:00 +0200</pubDate>
- </item><item>
- <title>Server: PIN for passwordless WebAuthn is asked for but not verified (NC-SA-2020-037)</title>
- <description>A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-037&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-037</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-037</guid>
- <pubDate>Tue, 25 Aug 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Deck App: Access control missing while viewing the attachments in the 'All boards' (NC-SA-2020-036)</title>
- <description>Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-036&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-036</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-036</guid>
- <pubDate>Wed, 15 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Desktop Client: Missing memory corruption protection on Windows release built (NC-SA-2020-035)</title>
- <description>Missing ASLR and DEP protections in Nextcloud Desktop Client 2.6.4 for windows allowed to corrupt memory.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-035&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-035</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-035</guid>
- <pubDate>Fri, 10 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Desktop Client: Memory Leak in OCUtil.dll library in Desktop client can lead to DoS (NC-SA-2020-034)</title>
- <description>A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-034&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-034</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-034</guid>
- <pubDate>Fri, 10 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Preferred providers: Missing rate limit on signup page (NC-SA-2020-033)</title>
- <description>A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-033&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-033</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-033</guid>
- <pubDate>Mon, 03 Aug 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Desktop Client: Linux client is vulnerable to directory traversal when downloading files (NC-SA-2020-032)</title>
- <description>Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-032&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-032</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-032</guid>
- <pubDate>Fri, 10 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Desktop Client: Clear text storage of proxy parameters and passwords (NC-SA-2020-031)</title>
- <description>A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-031&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-031</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-031</guid>
- <pubDate>Fri, 10 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Desktop Client: Arbitrary code execution in desktop client via OpenSSL config (NC-SA-2020-030)</title>
- <description>A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-030&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-030</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-030</guid>
- <pubDate>Fri, 10 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Re-Sharing allows increase of privileges (NC-SA-2020-029)</title>
- <description>A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-029&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-029</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-029</guid>
- <pubDate>Thu, 16 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Preferred providers: Possible denial of service when entering a long password (NC-SA-2020-028)</title>
- <description>Improper check of inputs in Preferred providers app 1.6.0 allowed to perform a denial of service attack when using a very long password.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-028&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-028</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-028</guid>
- <pubDate>Tue, 16 Jun 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Desktop Client: XSS in desktop client via invalid server address on login form (NC-SA-2020-027)</title>
- <description>A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-027&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-027</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-027</guid>
- <pubDate>Fri, 10 Jul 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)</title>
- <description>A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-026&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-026</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-026</guid>
- <pubDate>Thu, 04 Jun 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Deck App: Missing permission check on resharing a board (NC-SA-2020-025)</title>
- <description>Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-025&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-025</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-025</guid>
- <pubDate>Wed, 08 Apr 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Contacts App: Limit contacts photo uploading to images (NC-SA-2020-024)</title>
- <description>A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-024&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-024</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-024</guid>
- <pubDate>Thu, 16 Apr 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Increase random used for encryption (NC-SA-2020-023)</title>
- <description>A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-023&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-023</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-023</guid>
- <pubDate>Thu, 04 Jun 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Deck App: Improper access control allows injecting tasks into other users decks (NC-SA-2020-022)</title>
- <description>Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-022&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-022</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-022</guid>
- <pubDate>Fri, 15 May 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Talk App: Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)</title>
- <description>A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-021&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-021</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-021</guid>
- <pubDate>Mon, 20 Apr 2020 14:00:00 +0200</pubDate>
- </item><item>
- <title>Mail App: Mail app not verifying TLS host of mail servers (NC-SA-2020-020)</title>
- <description>A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-020&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-020</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-020</guid>
- <pubDate>Tue, 24 Mar 2020 13:00:00 +0100</pubDate>
- </item><item>
- <title>Server: XSS in Files PDF viewer (NC-SA-2020-019)</title>
- <description>An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-019&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-019</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-019</guid>
- <pubDate>Wed, 18 Mar 2020 13:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Missing ownership check on remote wipe endpoint (NC-SA-2020-018)</title>
- <description>An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-018&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-018</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-018</guid>
- <pubDate>Wed, 18 Mar 2020 13:00:00 +0100</pubDate>
- </item><item>
- <title>Groupfolders App: Renaming an item to a protected hidden folder deletes the target (NC-SA-2020-017)</title>
- <description>Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-017&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-017</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-017</guid>
- <pubDate>Mon, 15 Jul 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Desktop Client: Code injection in Nextcloud Desktop Client for macOS (NC-SA-2020-016)</title>
- <description>A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-016&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-016</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-016</guid>
- <pubDate>Mon, 17 Feb 2020 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)</title>
- <description>A missing access control check in Nextcloud Server 18.0.0 causes hide-download shares to be downloadable when appending /download to the URL.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-015&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-015</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-015</guid>
- <pubDate>Fri, 07 Feb 2020 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: SSRF protection bypass in calendar subscriptions (NC-SA-2020-014)</title>
- <description>A missing check for IPv4 nested inside IPv6 in Nextcloud server 17.0.1 allowed a SSRF when subscribing to a malicious calendar URL.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-014&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-014</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-014</guid>
- <pubDate>Thu, 12 Dec 2019 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</title>
- <description>Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-013&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-013</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-013</guid>
- <pubDate>Thu, 15 Nov 2018 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Improper permission preservation on reshares (NC-SA-2020-012)</title>
- <description>Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-012&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-012</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-012</guid>
- <pubDate>Thu, 27 Jun 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Talk App: Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)</title>
- <description>Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-011</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-011</guid>
- <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Deck App: Improper neutralization of item names in projects feature (NC-SA-2020-010)</title>
- <description>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-010</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-010</guid>
- <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Talk App: Improper neutralization of item names in projects feature (NC-SA-2020-009)</title>
- <description>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-009</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-009</guid>
- <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper neutralization of item names in projects feature (NC-SA-2020-008)</title>
- <description>Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-008</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-008</guid>
- <pubDate>Mon, 29 Jul 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Reflected XSS in redirect of the Updater (NC-SA-2020-007)</title>
- <description>Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-007</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-007</guid>
- <pubDate>Tue, 26 Mar 2019 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Duplicate setup of second factor allowed (NC-SA-2020-006)</title>
- <description>A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-006</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-006</guid>
- <pubDate>Fri, 25 Oct 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Missing default timeout on HTTP requests (NC-SA-2020-005)</title>
- <description>Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-005</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-005</guid>
- <pubDate>Wed, 04 Sep 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Bypass lock protection in Android app (NC-SA-2020-004)</title>
- <description>A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-004</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-004</guid>
- <pubDate>Thu, 05 Dec 2019 01:00:00 +0100</pubDate>
- </item><item>
- <title>iOS App: Missing sanitization in iOS App allows XSS (NC-SA-2020-003)</title>
- <description>Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-003</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-003</guid>
- <pubDate>Wed, 20 Nov 2019 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</title>
- <description>A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-002</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-002</guid>
- <pubDate>Wed, 04 Dec 2019 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: 2FA sessions not properly expired on password change (NC-SA-2020-001)</title>
- <description>A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-001</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-001</guid>
- <pubDate>Mon, 01 Apr 2019 02:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Reflected XSS in svg logo generation (NC-SA-2019-018)</title>
- <description>A reflected Cross-Site Scripting vunerability was discovered in the svg generation.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-018&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-018</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-018</guid>
- <pubDate>Fri, 02 Aug 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>iOS App: Login and token disclosure to other Nextcloud services (NC-SA-2019-017)</title>
- <description>Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-017&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-017</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-017</guid>
- <pubDate>Tue, 12 Nov 2019 13:00:00 +0100</pubDate>
- </item><item>
- <title>Server: User IDs and Nextcloud server leaked to Nextcloud Lookup server with disabled settings (NC-SA-2019-016)</title>
- <description>Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-016&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-016</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-016</guid>
- <pubDate>Wed, 26 Jun 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Group admins can create users with IDs of system folders (NC-SA-2019-015)</title>
- <description>Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-015&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-015</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-015</guid>
- <pubDate>Mon, 12 Aug 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Server-Side request forgery in New-Subscription feature of the calendar app (NC-SA-2019-014)</title>
- <description>An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-014&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-014</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-014</guid>
- <pubDate>Thu, 04 Jul 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Circles App: Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)</title>
- <description>Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-013&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-013</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-013</guid>
- <pubDate>Sun, 06 Oct 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: File-drop content is visible through the gallery app (NC-SA-2019-012)</title>
- <description>Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-012&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-012</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-012</guid>
- <pubDate>Tue, 22 Oct 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)</title>
- <description>Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-011</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-011</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Lookup server: SQL Injection in lookup-server (NC-SA-2019-010)</title>
- <description>Improper sanitation of user input allowed any unauthenticated user to perform SQL injection attacks.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-010</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-010</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Improper sanitization of HTML in directory names (NC-SA-2019-009)</title>
- <description>Some basic HTML tags were rendered as Markup in directory names.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-009</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-009</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Bypass lock protection in Android app (NC-SA-2019-008)</title>
- <description>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-008</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-008</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Thumbnails of files leaked via Android content provider (NC-SA-2019-007)</title>
- <description>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, he can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-007</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-007</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Bypass lock protection in Android app (NC-SA-2019-006)</title>
- <description>If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can easily access the nextcloud-files even if the nextcloud app is locked with a fingerprint or pin.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-006</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-006</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: SQL injection in Android app content provider (NC-SA-2019-005)</title>
- <description>The content provider of the app accepted arbitrary strings in the field list of the returned file list. This allowed an attacker to run harmful queries, destroying the local cache of the android app. The server data however was never in danger, so removing the account and setting it up again can fix all problems.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-005</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-005</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Bypass lock protection in Android app (NC-SA-2019-004)</title>
- <description>Creating a fake multi-account and aborting the process would redirect the user to the default account of the device without asking for the lock pattern if one was set up.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-004</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-004</guid>
- <pubDate>Fri, 26 Jul 2019 12:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper share updates could result in extended data access (NC-SA-2019-003)</title>
- <description>A bug could expose more data in reshared link shares than intended by the sharer.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-003</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-003</guid>
- <pubDate>Fri, 12 Apr 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper access control checks for share expiration date (NC-SA-2019-002)</title>
- <description>A missing check could give recipient the possibility to extend the expiration date of a share they received.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-002</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-002</guid>
- <pubDate>Fri, 12 Apr 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</title>
- <description>A missing check revealed the name of confidential events and private events to all users of a shared calendar.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2019-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2019-001</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2019-001</guid>
- <pubDate>Fri, 12 Apr 2019 14:00:00 +0200</pubDate>
- </item><item>
- <title>Android App: Improper check for access to application database (NC-SA-2018-015)</title>
- <description>A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-015&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-015</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-015</guid>
- <pubDate>Fri, 26 Jul 2019 10:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper access control checks for single share previews (NC-SA-2018-014)</title>
- <description>A missing check could give unauthorized access to the previews of single file password protected shares.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-014&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-014</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-014</guid>
- <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Session fixation on public share page (NC-SA-2018-013)</title>
- <description>A bug causing session fixation could potentially allow an attacker to obtain access to password protected shares.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-013&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-013</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-013</guid>
- <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper authentication on public shares (NC-SA-2018-012)</title>
- <description>A missing access check could lead to continued access to password protected link shares when the owner had changed the password.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-012&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-012</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-012</guid>
- <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)</title>
- <description>Missing state would not enforce the use of a second factor at login if the the provider of the second factor failed to load.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-011</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-011</guid>
- <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper validation of permissions (NC-SA-2018-010)</title>
- <description>Improper revalidation of permissions lead to not accepting access restrictions by acess tokens.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-010</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-010</guid>
- <pubDate>Thu, 25 Oct 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Talk App: Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</title>
- <description>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-009</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-009</guid>
- <pubDate>Fri, 10 Aug 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</title>
- <description>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-008</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-008</guid>
- <pubDate>Fri, 10 Aug 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Bypass of 2 Factor Authentication (NC-SA-2018-007)</title>
- <description>Improper authentication of the second factor challenge would allow an attacker that had access to user credentials to bypass the second factor validation completely.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-007</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-007</guid>
- <pubDate>Fri, 03 Aug 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper validation of data passed to JSON encoder (NC-SA-2018-006)</title>
- <description>Improper validation of input allowed an attacker to not have their actions logged to the audit log.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-006</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-006</guid>
- <pubDate>Fri, 03 Aug 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Contacts App: Stored XSS in contacts via group shares (NC-SA-2018-005)</title>
- <description>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-005</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-005</guid>
- <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Calendar App: Stored XSS in calendar via group shares (NC-SA-2018-004)</title>
- <description>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-004</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-004</guid>
- <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</title>
- <description>Improper validation of input allowed an attacker with access to the OAuth2 refresh token to obtain new tokens.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-003</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-003</guid>
- <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: File access control rules not applied to image previews (NC-SA-2018-002)</title>
- <description>A missing check for read permissions allowed users that received an incomming share containing files tagged so they should be denied access to still request a preview for those files.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-002</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-002</guid>
- <pubDate>Thu, 21 Jun 2018 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: App password scope can be changed for other users (NC-SA-2018-001)</title>
- <description>A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-001</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-001</guid>
- <pubDate>Wed, 07 Feb 2018 01:00:00 +0100</pubDate>
- </item><item>
- <title>Server: Calendar and addressbook names disclosed (NC-SA-2017-012)</title>
- <description>A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and adressbook has been disclosed.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-012&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-012</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-012</guid>
- <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Share tokens for public calendars disclosed (NC-SA-2017-011)</title>
- <description>A logical error caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-011</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-011</guid>
- <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Stored XSS in Gallery application (NC-SA-2017-010)</title>
- <description>A JavaScript library used by Nextcloud for sanitizing untrusted user-input suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2.Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-010</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-010</guid>
- <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</title>
- <description>Improper session handling allowed an application specific password without permission to the files access to the users file.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-009</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-009</guid>
- <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Reflected XSS in error pages (NC-SA-2017-008)</title>
- <description>Inadequate escaping of error messages leads to XSS vulnerabilities in multiple components.Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-008</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-008</guid>
- <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</title>
- <description>Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-007</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-007</guid>
- <pubDate>Mon, 08 May 2017 14:00:00 +0200</pubDate>
- </item><item>
- <title>Server: Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</title>
- <description>The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-006</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-006</guid>
- <pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
- </item><item>
- <title>Server: Bypassing quota limitation (NC-SA-2017-005)</title>
- <description>Due to not properly sanitzing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-005</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-005</guid>
- <pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
- </item><item>
- <title>Server: Denial of Service attack (NC-SA-2017-004)</title>
- <description>Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-004</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-004</guid>
- <pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
- </item><item>
- <title>Server: Error message discloses existence of file in write-only share (NC-SA-2017-003)</title>
- <description>Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-003</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-003</guid>
- <pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
- </item><item>
- <title>Server: Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</title>
- <description>Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder.Note that this only affects folders and files that the adversary has at least read-only permissions for.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-002</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-002</guid>
- <pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
- </item><item>
- <title>Server: Permission increase on re-sharing via OCS API (NC-SA-2017-001)</title>
- <description>A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set.Note that this only affects folders and files that the adversary has at least read-only permissions for.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2017-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2017-001</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2017-001</guid>
- <pubDate>Sun, 05 Feb 2017 11:36:08 +0100</pubDate>
- </item><item>
- <title>Server: Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</title>
- <description>The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-011&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-011</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-011</guid>
- <pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
- </item><item>
- <title>Server: Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</title>
- <description>The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-010&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-010</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-010</guid>
- <pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
- </item><item>
- <title>Server: Reflected XSS in Gallery application (NC-SA-2016-009)</title>
- <description>The gallery app was not properly sanitizing exception messages from the Nextcloud server. Due to an endpoint where an attacker could influence the error message this lead to a reflected Cross-Site-Scripting vulnerability.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-009</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-009</guid>
- <pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
- </item><item>
- <title>Server: Stored XSS in CardDAV image export (NC-SA-2016-008)</title>
- <description>The CardDAV image export functionality as implemented in Nextcloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.&lt;strong&gt;Note:&lt;/strong&gt; Nextcloud employs a very strict Content Security Policy on the DAV endpoints. This is thus only exploitable on browsers that don't support Content Security Policy.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-008</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-008</guid>
- <pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
- </item><item>
- <title>Server: Improper authorization check on removing shares (NC-SA-2016-007)</title>
- <description>The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation did simply unshare the file to all users in the group.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-007</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-007</guid>
- <pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
- </item><item>
- <title>Server: SMB User Authentication Bypass (NC-SA-2016-006)</title>
- <description>Nextcloud includes an optional and not by default enabled SMB authentication component that allows to authenticate users against an SMB server.This backend is implemented in a way that it tries to connect to a SMB server and if that succeeded consider the user logged-in.The backend did not properly take into account SMB servers that any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials.&lt;strong&gt;Note:&lt;/strong&gt; The SMB backend is disabled by default and requires manual configuration in the Nextcloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.&lt;em&gt;&lt;a href=&quot;https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/&quot;&gt;The reporter has published a blog post about this issue on their website as well.&lt;/a&gt;&lt;/em&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-006&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-006</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-006</guid>
- <pubDate>Mon, 10 Oct 2016 13:21:06 +0200</pubDate>
- </item><item>
- <title>Server: Read-only share recipient can restore old versions of file (NC-SA-2016-005)</title>
- <description>The restore capability of Nextcloud was not verifying whether an user has only read-only access to a share. Thus an user with read-only access was able to restore old versions.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-005&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-005</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-005</guid>
- <pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
- </item><item>
- <title>Server: Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</title>
- <description>The WebDAV endpoint was not properly checking the permission on a WebDAV &quot;COPY&quot; action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-004&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-004</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-004</guid>
- <pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
- </item><item>
- <title>Server: Content-Spoofing in &quot;files&quot; app (NC-SA-2016-003)</title>
- <description>The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-003&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-003</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-003</guid>
- <pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
- </item><item>
- <title>Server: Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)</title>
- <description>The &quot;download log&quot; functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as HTML document. Thus any injected data in the log would be executed.While the document would only be executed locally (thus on another scope) we have decided to fix this to protect our users.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-002&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-002</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-002</guid>
- <pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
- </item><item>
- <title>Server: Stored XSS in &quot;gallery&quot; application (NC-SA-2016-001)</title>
- <description>Due to a recent migration of the Gallery app to the new sharing endpoint a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack.To exploit this vulnerability an authenticated attacker has to share a folder with someone else, get them to open the shared folder in the Gallery app and open the sharing window there. Since Nextcloud employs a strict Content-Security-Policy this vulnerability is only exploitable in browsers not supporting Content-Security-Policy. You can check at &lt;a href=&quot;http://caniuse.com/#feat=contentsecuritypolicy&quot;&gt;caniuse.com&lt;/a&gt; whether your browser supports CSP.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2016-001&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
- <link>https://nextcloud.com/security/advisory/?id=nC-SA-2016-001</link>
- <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2016-001</guid>
- <pubDate>Tue, 19 Jul 2016 10:26:09 +0200</pubDate>
- </item>
-</channel>
-</rss> \ No newline at end of file
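Review bot: removing advisories/advisories.rss outright will turn every subscribed feed reader's request for that path into a 404, and the commit message only describes a redirect for /security/advisories/, not for the feed file; please add a matching redirect (to GitHub's advisories feed, or keep a one-item stub feed announcing the move) so existing subscriptions degrade gracefully. Also note that the deleted feed's `<link>` and `<guid>` values use a lowercase id prefix (`?id=nC-SA-2018-005`, `?id=nC-SA-2016-001`, ...) while full-list.php links to `?id=NC-SA-2021-008`; since the message promises that old advisories remain accessible, whatever serves or redirects `/security/advisory/?id=` after this change should match the id case-insensitively, otherwise every permalink already cached from this feed breaks.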
diff --git a/advisories/full-list.php b/advisories/full-list.php
deleted file mode 100644
index 9554f7f5..00000000
--- a/advisories/full-list.php
+++ /dev/null
@@ -1,688 +0,0 @@
-<hr>
-
-<h2>2021</h2>
-
-<h3>Desktop Client 3.1.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2021-008">Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)</a> 2021-02-24</li>
-</ul>
-
-<h3>Nextcloud Server 20.0.6</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2021-005">Reflected XSS when renaming malicious file (NC-SA-2021-005)</a> 2021-01-25</li>
- <li><a href="/security/advisory/?id=NC-SA-2021-004">External storage credentials stored for wrong user (NC-SA-2021-004)</a> 2021-01-25</li>
-</ul>
-
-<h3>Nextcloud Server 20.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2021-002">Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</a> 2020-11-18</li>
- <li><a href="/security/advisory/?id=NC-SA-2021-001">Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</a> 2020-11-18</li>
-</ul>
-
-<h3>Nextcloud Server 19.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2021-002">Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</a> 2020-11-18</li>
- <li><a href="/security/advisory/?id=NC-SA-2021-001">Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</a> 2020-11-18</li>
-</ul>
-
-<h3>Nextcloud Server 18.0.11</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2021-002">Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)</a> 2020-11-18</li>
- <li><a href="/security/advisory/?id=NC-SA-2021-001">Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)</a> 2020-11-18</li>
-</ul>
-
-<h3>Nextcloud Server 20.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2021-006">External storage app saves password for all users in the database (NC-SA-2021-006)</a> 2020-10-03</li>
- <li><a href="/security/advisory/?id=NC-SA-2021-003">Denial of Service by requesting to reset a password (NC-SA-2021-003)</a> 2020-10-03</li>
-</ul>
-
-<h3>Deck App 1.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2021-007">New users can read all Nextcloud Deck data from previous user with same username (NC-SA-2021-007)</a> 2020-06-03</li>
-</ul>
-
-<hr>
-
-<h2>2020</h2>
-
-<h3>Contacts App 3.4.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-044">XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044)</a> 2020-10-20</li>
-</ul>
-
-<h3>Contacts App 3.4.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-045">XSS through image upload of contacts using svg file (NC-SA-2020-045)</a> 2020-10-20</li>
-</ul>
-
-<h3>Social App 0.4.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-043">Social App does not validate server certificates for outgoing connections (NC-SA-2020-043)</a> 2020-10-15</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-042">Improper access control to messages of Social app (NC-SA-2020-042)</a> 2020-10-15</li>
-</ul>
-
-<h3>Nextcloud Server 20.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-041">Improper integrity protection of server-side encryption keys (NC-SA-2020-041)</a> 2020-10-03</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-040">Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)</a> 2020-10-03</li>
-</ul>
-
-<h3>Nextcloud Server 19.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-039">Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)</a> 2020-08-26</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-038">Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)</a> 2020-08-26</li>
-</ul>
-
-<h3>Nextcloud Server 18.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-038">Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)</a> 2020-08-26</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.10</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-038">Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)</a> 2020-08-26</li>
-</ul>
-
-<h3>Nextcloud Server 19.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-037">PIN for passwordless WebAuthn is asked for but not verified (NC-SA-2020-037)</a> 2020-08-25</li>
-</ul>
-
-<h3>Preferred providers 1.8.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-033">Missing rate limit on signup page (NC-SA-2020-033)</a> 2020-08-03</li>
-</ul>
-
-<h3>Nextcloud Server 19.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-029">Re-Sharing allows increase of privileges (NC-SA-2020-029)</a> 2020-07-16</li>
-</ul>
-
-<h3>Nextcloud Server 18.0.7</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-029">Re-Sharing allows increase of privileges (NC-SA-2020-029)</a> 2020-07-16</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-029">Re-Sharing allows increase of privileges (NC-SA-2020-029)</a> 2020-07-16</li>
-</ul>
-
-<h3>Deck App 1.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-036">Access control missing while viewing the attachments in the 'All boards' (NC-SA-2020-036)</a> 2020-07-15</li>
-</ul>
-
-<h3>Desktop Client 2.6.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-035">Missing memory corruption protection on Windows release built (NC-SA-2020-035)</a> 2020-07-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-034">Memory Leak in OCUtil.dll library in Desktop client can lead to DoS (NC-SA-2020-034)</a> 2020-07-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-032">Linux client is vulnerable to directory traversal when downloading files (NC-SA-2020-032)</a> 2020-07-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-031">Clear text storage of proxy parameters and passwords (NC-SA-2020-031)</a> 2020-07-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-030">Arbitrary code execution in desktop client via OpenSSL config (NC-SA-2020-030)</a> 2020-07-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-027">XSS in desktop client via invalid server address on login form (NC-SA-2020-027)</a> 2020-07-10</li>
-</ul>
-
-<h3>Preferred providers 1.7.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-028">Possible denial of service when entering a long password (NC-SA-2020-028)</a> 2020-06-16</li>
-</ul>
-
-<h3>Nextcloud Server 19.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-026">Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)</a> 2020-06-04</li>
-</ul>
-
-<h3>Nextcloud Server 18.0.6</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-026">Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)</a> 2020-06-04</li>
-</ul>
-
-<h3>Nextcloud Server 19.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-023">Increase random used for encryption (NC-SA-2020-023)</a> 2020-06-04</li>
-</ul>
-
-<h3>Nextcloud Server 18.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-023">Increase random used for encryption (NC-SA-2020-023)</a> 2020-06-04</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.7</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-023">Increase random used for encryption (NC-SA-2020-023)</a> 2020-06-04</li>
-</ul>
-
-<h3>Deck App 1.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-022">Improper access control allows injecting tasks into other users decks (NC-SA-2020-022)</a> 2020-05-15</li>
-</ul>
-
-<h3>Talk App 8.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-021">Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)</a> 2020-04-20</li>
-</ul>
-
-<h3>Talk App 7.0.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-021">Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)</a> 2020-04-20</li>
-</ul>
-
-<h3>Talk App 6.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-021">Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)</a> 2020-04-20</li>
-</ul>
-
-<h3>Contacts App 3.3.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-024">Limit contacts photo uploading to images (NC-SA-2020-024)</a> 2020-04-16</li>
-</ul>
-
-<h3>Deck App 0.8.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-025">Missing permission check on resharing a board (NC-SA-2020-025)</a> 2020-04-08</li>
-</ul>
-
-<h3>Mail App 1.1.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-020">Mail app not verifying TLS host of mail servers (NC-SA-2020-020)</a> 2020-03-24</li>
-</ul>
-
-<h3>Nextcloud Server 18.0.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-019">XSS in Files PDF viewer (NC-SA-2020-019)</a> 2020-03-18</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-018">Missing ownership check on remote wipe endpoint (NC-SA-2020-018)</a> 2020-03-18</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-018">Missing ownership check on remote wipe endpoint (NC-SA-2020-018)</a> 2020-03-18</li>
-</ul>
-
-<h3>Desktop Client 2.6.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-016">Code injection in Nextcloud Desktop Client for macOS (NC-SA-2020-016)</a> 2020-02-17</li>
-</ul>
-
-<h3>Nextcloud Server 18.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-015">Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)</a> 2020-02-07</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-015">Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)</a> 2020-02-07</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.9</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-015">Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)</a> 2020-02-07</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-014">SSRF protection bypass in calendar subscriptions (NC-SA-2020-014)</a> 2019-12-12</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.7</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-014">SSRF protection bypass in calendar subscriptions (NC-SA-2020-014)</a> 2019-12-12</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.14</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-014">SSRF protection bypass in calendar subscriptions (NC-SA-2020-014)</a> 2019-12-12</li>
-</ul>
-
-<h3>Android App 3.9.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-004">Bypass lock protection in Android app (NC-SA-2020-004)</a> 2019-12-05</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-002">Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</a> 2019-12-04</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.7</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-002">Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</a> 2019-12-04</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.14</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-002">Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)</a> 2019-12-04</li>
-</ul>
-
-<h3>iOS App 2.25.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-003">Missing sanitization in iOS App allows XSS (NC-SA-2020-003)</a> 2019-11-20</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-006">Duplicate setup of second factor allowed (NC-SA-2020-006)</a> 2019-10-25</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-005">Missing default timeout on HTTP requests (NC-SA-2020-005)</a> 2019-09-04</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-008">Improper neutralization of item names in projects feature (NC-SA-2020-008)</a> 2019-07-29</li>
-</ul>
-
-<h3>Deck App 0.6.6</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-010">Improper neutralization of item names in projects feature (NC-SA-2020-010)</a> 2019-07-29</li>
-</ul>
-
-<h3>Talk App 6.0.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-011">Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)</a> 2019-07-29</li>
- <li><a href="/security/advisory/?id=NC-SA-2020-009">Improper neutralization of item names in projects feature (NC-SA-2020-009)</a> 2019-07-29</li>
-</ul>
-
-<h3>Groupfolders App 4.0.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-017">Renaming an item to a protected hidden folder deletes the target (NC-SA-2020-017)</a> 2019-07-15</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-012">Improper permission preservation on reshares (NC-SA-2020-012)</a> 2019-06-27</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.9</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-012">Improper permission preservation on reshares (NC-SA-2020-012)</a> 2019-06-27</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.13</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-012">Improper permission preservation on reshares (NC-SA-2020-012)</a> 2019-06-27</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-001">2FA sessions not properly expired on password change (NC-SA-2020-001)</a> 2019-04-01</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.7</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-001">2FA sessions not properly expired on password change (NC-SA-2020-001)</a> 2019-04-01</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.11</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-001">2FA sessions not properly expired on password change (NC-SA-2020-001)</a> 2019-04-01</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.6</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-007">Reflected XSS in redirect of the Updater (NC-SA-2020-007)</a> 2019-03-26</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.9</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-007">Reflected XSS in redirect of the Updater (NC-SA-2020-007)</a> 2019-03-26</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-013">Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</a> 2018-11-15</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-013">Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</a> 2018-11-15</li>
-</ul>
-
-<h3>Nextcloud Server 12.0.13</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2020-013">Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)</a> 2018-11-15</li>
-</ul>
-
-<hr>
-
-<h2>2019</h2>
-
-<h3>iOS App 2.24.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-017">Login and token disclosure to other Nextcloud services (NC-SA-2019-017)</a> 2019-11-12</li>
-</ul>
-
-<h3>Nextcloud Server 17.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-012">File-drop content is visible through the gallery app (NC-SA-2019-012)</a> 2019-10-22</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.6</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-012">File-drop content is visible through the gallery app (NC-SA-2019-012)</a> 2019-10-22</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.13</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-012">File-drop content is visible through the gallery app (NC-SA-2019-012)</a> 2019-10-22</li>
-</ul>
-
-<h3>Circles App 0.17.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-013">Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)</a> 2019-10-06</li>
-</ul>
-
-<h3>Circles App 0.16.11</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-013">Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)</a> 2019-10-06</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-015">Group admins can create users with IDs of system folders (NC-SA-2019-015)</a> 2019-08-12</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.11</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-015">Group admins can create users with IDs of system folders (NC-SA-2019-015)</a> 2019-08-12</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-018">Reflected XSS in svg logo generation (NC-SA-2019-018)</a> 2019-08-02</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.9</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-018">Reflected XSS in svg logo generation (NC-SA-2019-018)</a> 2019-08-02</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.13</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-018">Reflected XSS in svg logo generation (NC-SA-2019-018)</a> 2019-08-02</li>
-</ul>
-
-<h3>Android App 3.7.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-009">Improper sanitization of HTML in directory names (NC-SA-2019-009)</a> 2019-07-26</li>
-</ul>
-
-<h3>Android App 3.6.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-007">Thumbnails of files leaked via Android content provider (NC-SA-2019-007)</a> 2019-07-26</li>
-</ul>
-
-<h3>Android App 3.6.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-011">Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)</a> 2019-07-26</li>
- <li><a href="/security/advisory/?id=NC-SA-2019-008">Bypass lock protection in Android app (NC-SA-2019-008)</a> 2019-07-26</li>
- <li><a href="/security/advisory/?id=NC-SA-2019-004">Bypass lock protection in Android app (NC-SA-2019-004)</a> 2019-07-26</li>
-</ul>
-
-<h3>Android App 3.3.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-006">Bypass lock protection in Android app (NC-SA-2019-006)</a> 2019-07-26</li>
-</ul>
-
-<h3>Android App 3.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-005">SQL injection in Android app content provider (NC-SA-2019-005)</a> 2019-07-26</li>
-</ul>
-
-<h3>Lookup server 0.3.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-010">SQL Injection in lookup-server (NC-SA-2019-010)</a> 2019-07-26</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-014">Server-Side request forgery in New-Subscription feature of the calendar app (NC-SA-2019-014)</a> 2019-07-04</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.9</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-014">Server-Side request forgery in New-Subscription feature of the calendar app (NC-SA-2019-014)</a> 2019-07-04</li>
-</ul>
-
-<h3>Nextcloud Server 16.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-016">User IDs and Nextcloud server leaked to Nextcloud Lookup server with disabled settings (NC-SA-2019-016)</a> 2019-06-26</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.9</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-016">User IDs and Nextcloud server leaked to Nextcloud Lookup server with disabled settings (NC-SA-2019-016)</a> 2019-06-26</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.13</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-016">User IDs and Nextcloud server leaked to Nextcloud Lookup server with disabled settings (NC-SA-2019-016)</a> 2019-06-26</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-001">Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</a> 2019-04-12</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-003">Improper share updates could result in extended data access (NC-SA-2019-003)</a> 2019-04-12</li>
- <li><a href="/security/advisory/?id=NC-SA-2019-001">Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</a> 2019-04-12</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.9</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-003">Improper share updates could result in extended data access (NC-SA-2019-003)</a> 2019-04-12</li>
- <li><a href="/security/advisory/?id=NC-SA-2019-001">Classification of calendar events is ignored by the activity stream (NC-SA-2019-001)</a> 2019-04-12</li>
-</ul>
-
-<h3>Nextcloud Server 15.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-003">Improper share updates could result in extended data access (NC-SA-2019-003)</a> 2019-04-12</li>
- <li><a href="/security/advisory/?id=NC-SA-2019-002">Improper access control checks for share expiration date (NC-SA-2019-002)</a> 2019-04-12</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-002">Improper access control checks for share expiration date (NC-SA-2019-002)</a> 2019-04-12</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-002">Improper access control checks for share expiration date (NC-SA-2019-002)</a> 2019-04-12</li>
-</ul>
-
-<h3>Nextcloud Server 12.0.13</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2019-002">Improper access control checks for share expiration date (NC-SA-2019-002)</a> 2019-04-12</li>
-</ul>
-
-<hr>
-
-<h2>2018</h2>
-
-<h3>Android App 3.2.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-015">Improper check for access to application database (NC-SA-2018-015)</a> 2019-07-26</li>
-</ul>
-
-<h3>Nextcloud Server 14.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-014">Improper access control checks for single share previews (NC-SA-2018-014)</a> 2018-10-25</li>
- <li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li>
- <li><a href="/security/advisory/?id=NC-SA-2018-012">Improper authentication on public shares (NC-SA-2018-012)</a> 2018-10-25</li>
- <li><a href="/security/advisory/?id=NC-SA-2018-011">Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)</a> 2018-10-25</li>
- <li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.6</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li>
-</ul>
-
-<h3>Nextcloud Server 12.0.11</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li>
-</ul>
-
-<h3>Nextcloud Server 12.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-008">Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</a> 2018-08-10</li>
-</ul>
-
-<h3>Talk App 3.2.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-009">Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</a> 2018-08-10</li>
-</ul>
-
-<h3>Nextcloud Server 12.0.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-007">Bypass of 2 Factor Authentication (NC-SA-2018-007)</a> 2018-08-03</li>
- <li><a href="/security/advisory/?id=NC-SA-2018-006">Improper validation of data passed to JSON encoder (NC-SA-2018-006)</a> 2018-08-03</li>
-</ul>
-
-<h3>Nextcloud Server 11.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-006">Improper validation of data passed to JSON encoder (NC-SA-2018-006)</a> 2018-08-03</li>
-</ul>
-
-<h3>Nextcloud Server 13.0.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li>
- <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li>
-</ul>
-
-<h3>Nextcloud Server 12.0.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li>
- <li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li>
-</ul>
-
-<h3>Calendar App 1.6.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-004">Stored XSS in calendar via group shares (NC-SA-2018-004)</a> 2018-06-21</li>
-</ul>
-
-<h3>Calendar App 1.5.8</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-004">Stored XSS in calendar via group shares (NC-SA-2018-004)</a> 2018-06-21</li>
-</ul>
-
-<h3>Contacts App 2.1.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-005">Stored XSS in contacts via group shares (NC-SA-2018-005)</a> 2018-06-21</li>
-</ul>
-
-<h3>Nextcloud Server 12.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-001">App password scope can be changed for other users (NC-SA-2018-001)</a> 2018-02-07</li>
-</ul>
-
-<h3>Nextcloud Server 11.0.7</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2018-001">App password scope can be changed for other users (NC-SA-2018-001)</a> 2018-02-07</li>
-</ul>
-
-<hr>
-
-<h2>2017</h2>
-
-<h3>Nextcloud Server 11.0.3</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2017-011">Share tokens for public calendars disclosed (NC-SA-2017-011)</a> 2017-05-08</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-009">Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</a> 2017-05-08</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-007">DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</a> 2017-05-08</li>
-</ul>
-
-<h3>Nextcloud Server 10.0.5</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
-</ul>
-
-<h3>Nextcloud Server 9.0.58</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
-</ul>
-
-<h3>Nextcloud Server 11.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2017-012">Calendar and addressbook names disclosed (NC-SA-2017-012)</a> 2017-05-08</li>
-</ul>
-
-<h3>Nextcloud Server 10.0.4</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2017-012">Calendar and addressbook names disclosed (NC-SA-2017-012)</a> 2017-05-08</li>
-</ul>
-
-<h3>Nextcloud Server 10.0.2</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li>
-</ul>
-
-<h3>Nextcloud Server 9.0.55</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li>
- <li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li>
-</ul>
-
-<hr>
-
-<h2>2016</h2>
-
-<h3>Nextcloud Server 10.0.1</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</a> 2016-10-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</a> 2016-10-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-009">Reflected XSS in Gallery application (NC-SA-2016-009)</a> 2016-10-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-008">Stored XSS in CardDAV image export (NC-SA-2016-008)</a> 2016-10-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li>
-</ul>
-
-<h3>Nextcloud Server 9.0.54</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</a> 2016-10-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</a> 2016-10-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li>
-</ul>
-
-<h3>Nextcloud Server 10.0.0</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li>
-</ul>
-
-<h3>Nextcloud Server 9.0.52</h3>
-<ul>
- <li><a href="/security/advisory/?id=NC-SA-2016-005">Read-only share recipient can restore old versions of file (NC-SA-2016-005)</a> 2016-07-19</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-004">Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</a> 2016-07-19</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-003">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-003)</a> 2016-07-19</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-002">Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)</a> 2016-07-19</li>
- <li><a href="/security/advisory/?id=NC-SA-2016-001">Stored XSS in &quot;gallery&quot; application (NC-SA-2016-001)</a> 2016-07-19</li>
-</ul>
-
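Review bot: deleting full-list.php removes the only index that maps each advisory ID to the affected release versions (for example NC-SA-2020-014 under Nextcloud Server 17.0.2, 16.0.7 and 15.0.14), while every entry here still deep-links to `/security/advisory/?id=NC-SA-...`; nothing in this hunk touches those targets, so confirm that the per-advisory pages or an equivalent redirect keep resolving, otherwise the removed list is the last place those IDs were tied to fixed versions. If the list is exported elsewhere before removal, note that the year headings group by advisory ID rather than by publication date (NC-SA-2020-013 dated 2018-11-15 sits under "2020", NC-SA-2018-015 dated 2019-07-26 under "2018"), and that the same version heading recurs several times with different entries ("Nextcloud Server 17.0.2", "16.0.7" and "15.0.14" each appear twice); a migration keyed on date or on unique headings would regroup or drop items, so merge on advisory ID instead.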