From d2e9a822e81226acd3d5dbad77e9f58abf3b15d2 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 15 Jul 2020 09:09:17 +0200
Subject: Add SA updates for July

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 advisories/advisories.rss     | 18 ++++++++++++++++++
 advisories/full-list.php      | 30 ++++++++++++++++++++++++++++++
 advisories/nc-sa-2020-023.php | 36 ++++++++++++++++++++++++++++++++++++
 advisories/nc-sa-2020-025.php |  2 +-
 advisories/nc-sa-2020-026.php | 35 +++++++++++++++++++++++++++++++++++
 advisories/nc-sa-2020-028.php | 34 ++++++++++++++++++++++++++++++++++
 6 files changed, 154 insertions(+), 1 deletion(-)
 create mode 100644 advisories/nc-sa-2020-023.php
 create mode 100644 advisories/nc-sa-2020-026.php
 create mode 100644 advisories/nc-sa-2020-028.php

diff --git a/advisories/advisories.rss b/advisories/advisories.rss
index 75eb86f9..11eb0159 100644
--- a/advisories/advisories.rss
+++ b/advisories/advisories.rss
@@ -5,6 +5,18 @@
  <link>https://nextcloud.com/security/advisories/</link>
  <description>The Nextcloud security advisories as a RSS feed</description>
  <ttl>1800</ttl><item>
+  <title>Preferred providers: Possible denial of service when entering a long password (NC-SA-2020-028)</title>
+  <description>Improper check of inputs in Preferred providers app 1.6.0 allowed to perform a denial of service attack when using a very long password.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-028&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+  <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-028</link>
+  <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-028</guid>
+  <pubDate>Tue, 16 Jun 2020 14:00:00 +0200</pubDate>
+ </item><item>
+  <title>Server: Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)</title>
+  <description>A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-026&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+  <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-026</link>
+  <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-026</guid>
+  <pubDate>Thu, 04 Jun 2020 14:00:00 +0200</pubDate>
+ </item><item>
   <title>Deck App: Missing permission check on resharing a board (NC-SA-2020-025)</title>
   <description>Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-025&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
   <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-025</link>
@@ -16,6 +28,12 @@
   <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-024</link>
   <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-024</guid>
   <pubDate>Thu, 16 Apr 2020 14:00:00 +0200</pubDate>
+ </item><item>
+  <title>Server: Increase random used for encryption (NC-SA-2020-023)</title>
+  <description>A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-023&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+  <link>https://nextcloud.com/security/advisory/?id=nC-SA-2020-023</link>
+  <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2020-023</guid>
+  <pubDate>Thu, 04 Jun 2020 14:00:00 +0200</pubDate>
  </item><item>
   <title>Deck App: Improper access control allows injecting tasks into other users decks (NC-SA-2020-022)</title>
   <description>Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2020-022&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
diff --git a/advisories/full-list.php b/advisories/full-list.php
index 671f8baf..584d4d19 100644
--- a/advisories/full-list.php
+++ b/advisories/full-list.php
@@ -2,6 +2,36 @@
 
 <h2>2020</h2>
 
+<h3>Preferred providers 1.7.0</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2020-028">Possible denial of service when entering a long password (NC-SA-2020-028)</a> 2020-06-16</li>
+</ul>
+
+<h3>Nextcloud Server 19.0.1</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2020-026">Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)</a> 2020-06-04</li>
+</ul>
+
+<h3>Nextcloud Server 18.0.6</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2020-026">Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)</a> 2020-06-04</li>
+</ul>
+
+<h3>Nextcloud Server 19.0.0</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2020-023">Increase random used for encryption (NC-SA-2020-023)</a> 2020-06-04</li>
+</ul>
+
+<h3>Nextcloud Server 18.0.5</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2020-023">Increase random used for encryption (NC-SA-2020-023)</a> 2020-06-04</li>
+</ul>
+
+<h3>Nextcloud Server 17.0.7</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2020-023">Increase random used for encryption (NC-SA-2020-023)</a> 2020-06-04</li>
+</ul>
+
 <h3>Deck App 1.0.1</h3>
 <ul>
 	<li><a href="/security/advisory/?id=NC-SA-2020-022">Improper access control allows injecting tasks into other users decks (NC-SA-2020-022)</a> 2020-05-15</li>
diff --git a/advisories/nc-sa-2020-023.php b/advisories/nc-sa-2020-023.php
new file mode 100644
index 00000000..17385eef
--- /dev/null
+++ b/advisories/nc-sa-2020-023.php
@@ -0,0 +1,36 @@
+<div class="row page-content-header">
+<div class="col-md-12">
+    <h1>Security Advisory</h1>
+    <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        <h2>Increase random used for encryption (NC-SA-2020-023)</h2>
+        <p>4th June 2020</p>
+        <p>Risk level: <strong>Low</strong></p>
+        <p>CVSS v3 Base Score: 2.2 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N">AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N</a>)</p>
+        <p>CWE: <a href="https://cwe.mitre.org/data/definitions/310.html">Cryptographic Issues - Generic (CWE-310)</a></p>
+        <p>HackerOne report: <a href="https://hackerone.com/reports/852841">852841</a></p>
+        <h3>Description</h3>
+        <p>A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.</p>
+        <h3>Affected Software</h3>
+        <ul>
+            <li>Nextcloud Server &lt; <strong>19.0.0</strong> (CVE-2020-8173)</li>
+<li>Nextcloud Server &lt; <strong>18.0.5</strong> (CVE-2020-8173)</li>
+<li>Nextcloud Server &lt; <strong>17.0.7</strong> (CVE-2020-8173)</li>
+
+        </ul>
+        <h3>Action Taken</h3>
+        <p>The error has been fixed.</p>
+        <h3>Resolution</h3>
+        <p>It is recommended that the Nextcloud Server is upgraded to 19.0.0.</p>
+        <h3>Acknowledgements</h3>
+        <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+        <ul>
+            <li>Lynn Stephenson - Vulnerability discovery and disclosure.</li>
+        </ul>
+        <br/>
+        <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+    </div>
+</div>
diff --git a/advisories/nc-sa-2020-025.php b/advisories/nc-sa-2020-025.php
index 668ed7e7..5b0b5fa6 100644
--- a/advisories/nc-sa-2020-025.php
+++ b/advisories/nc-sa-2020-025.php
@@ -26,7 +26,7 @@
         <h3>Acknowledgements</h3>
         <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
         <ul>
-            <li><a href="https://www.clarifiedsecurity.com/silvia-vali/" target="_blank" rel="noreferrer">Silvia Väli (silvia@clarifiedsecurity.com) - Vulnerability discovery and disclosure.</a></li>
+            <li><a href="https://www.clarifiedsecurity.com/silvia-vali/" target="_blank" rel="noreferrer">Silvia Väli - Clarified Security (silvia@clarifiedsecurity.com) - Vulnerability discovery and disclosure.</a></li>
         </ul>
         <br/>
         <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
diff --git a/advisories/nc-sa-2020-026.php b/advisories/nc-sa-2020-026.php
new file mode 100644
index 00000000..bff9040e
--- /dev/null
+++ b/advisories/nc-sa-2020-026.php
@@ -0,0 +1,35 @@
+<div class="row page-content-header">
+<div class="col-md-12">
+    <h1>Security Advisory</h1>
+    <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        <h2>Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)</h2>
+        <p>4th June 2020</p>
+        <p>Risk level: <strong>Low</strong></p>
+        <p>CVSS v3 Base Score: 5 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L">AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L</a>)</p>
+        <p>CWE: <a href="https://cwe.mitre.org/data/definitions/256.html">Plaintext Storage of a Password (CWE-256)</a></p>
+        <p>HackerOne report: <a href="https://hackerone.com/reports/885041">885041</a></p>
+        <h3>Description</h3>
+        <p>A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.</p>
+        <h3>Affected Software</h3>
+        <ul>
+            <li>Nextcloud Server &lt; <strong>19.0.1</strong> (CVE-2020-8183)</li>
+<li>Nextcloud Server &lt; <strong>18.0.6</strong> (CVE-2020-8183)</li>
+
+        </ul>
+        <h3>Action Taken</h3>
+        <p>The error has been fixed.</p>
+        <h3>Resolution</h3>
+        <p>It is recommended that the Nextcloud Server is upgraded to 19.0.1.</p>
+        <h3>Acknowledgements</h3>
+        <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+        <ul>
+            <li><a href="https://nextcloud.com/" target="_blank" rel="noreferrer"> - Nextcloud GmbH - Vulnerability discovery and disclosure.</a></li>
+        </ul>
+        <br/>
+        <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+    </div>
+</div>
diff --git a/advisories/nc-sa-2020-028.php b/advisories/nc-sa-2020-028.php
new file mode 100644
index 00000000..2b5def57
--- /dev/null
+++ b/advisories/nc-sa-2020-028.php
@@ -0,0 +1,34 @@
+<div class="row page-content-header">
+<div class="col-md-12">
+    <h1>Security Advisory</h1>
+    <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        <h2>Possible denial of service when entering a long password (NC-SA-2020-028)</h2>
+        <p>16th June 2020</p>
+        <p>Risk level: <strong>Low</strong></p>
+        <p>CVSS v3 Base Score: 5.3 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L">AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</a>)</p>
+        <p>CWE: <a href="https://cwe.mitre.org/data/definitions/307.html">Brute Force (CWE-307)</a></p>
+        <p>HackerOne report: <a href="https://hackerone.com/reports/840598">840598</a></p>
+        <h3>Description</h3>
+        <p>Improper check of inputs in Preferred providers app 1.6.0 allowed to perform a denial of service attack when using a very long password.</p>
+        <h3>Affected Software</h3>
+        <ul>
+            <li>Nextcloud Preferred_providers &lt; <strong>1.7.0</strong> (CVE-2020-8202)</li>
+
+        </ul>
+        <h3>Action Taken</h3>
+        <p>The error has been fixed.</p>
+        <h3>Resolution</h3>
+        <p>It is recommended that the Preferred providers app is upgraded to 1.7.0.</p>
+        <h3>Acknowledgements</h3>
+        <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+        <ul>
+            <li>Abhishek Raj (araj07810@gmail.com) - Vulnerability discovery and disclosure.</li>
+        </ul>
+        <br/>
+        <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+    </div>
+</div>
-- 
cgit v1.2.3