diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2016-06-17 15:20:50 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-06-17 15:20:50 +0300 |
commit | 72fd5fa9c101e91ce935fe8f98fc2ed5864337e3 (patch) | |
tree | 85f8d5c660658d462cd68bfc190b849c728ee11e /page-threat-model.php | |
parent | aa93d813b5323bf74282f0195259855b61230a38 (diff) |
Update page-threat-model.php
Diffstat (limited to 'page-threat-model.php')
-rw-r--r-- | page-threat-model.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/page-threat-model.php b/page-threat-model.php index efdeb8a3..b49f967a 100644 --- a/page-threat-model.php +++ b/page-threat-model.php @@ -25,6 +25,9 @@ in those disabled features as not bounty-worthy.</p> <h3>Audit logging</h3> <p>The audit logging feature in Nextcloud is at the moment missing some logs for things like "Accessing previews of files", these will be added in a future release and known issues are tracked in our <a href="https://github.com/nextcloud/server/issues/">issue tracker</a>.</p> +<h3>Version disclosure</h3> +<p>At the moment we consider version disclosure an accepted risk as an attacker can enumerate service versions using other means as well. (e.g. comparing behaviour)</p> + <h3>Attacks involving other Android apps on the device</h3> <p>We do consider attacks involving other Android apps on the device as minimal risk, also especially considering that the Nextcloud Android apps stores synced files locally accessible on the device. (since no Content Provider is yet implemented).</p> |