Описание
Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues:
Security issues fixed:
- CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018 boo#1171579).
- CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices of other users (NC-SA-2020-019 boo#1171572).
Список пакетов
openSUSE Leap 15.1
nextcloud-18.0.4-lp151.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0670-1
- SUSE Security Ratings
- SUSE Bug 1171572
- SUSE Bug 1171579
- SUSE CVE CVE-2020-8154 page
- SUSE CVE CVE-2020-8155 page
Описание
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
Затронутые продукты
openSUSE Leap 15.1:nextcloud-18.0.4-lp151.2.6.1
Ссылки
- CVE-2020-8154
- SUSE Bug 1171579
Описание
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
Затронутые продукты
openSUSE Leap 15.1:nextcloud-18.0.4-lp151.2.6.1
Ссылки
- CVE-2020-8155
- SUSE Bug 1171572