Nextcloud Server — набор клиент-серверных программ для создания и использования хранилища данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 409
GHSA-xqxr-66xr-xfq3
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
GHSA-3j4p-7g9x-w28j
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
GHSA-27v9-58mg-8v43
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
GHSA-rw2m-m5fq-rcj4
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
GHSA-fjpp-r368-h9gx
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
GHSA-mqg9-fwrm-2gxr
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
GHSA-63cq-5v5v-47mp
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
GHSA-gwpm-3v8h-j4wh
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
GHSA-wgxr-73ph-q4xr
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
GHSA-pqcg-83hr-mr43
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-xqxr-66xr-xfq3 An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 1% Низкий | около 3 лет назад | |
| GHSA-3j4p-7g9x-w28j A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | CVSS3: 6.5 | 0% Низкий | около 3 лет назад |
| GHSA-27v9-58mg-8v43 A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | 0% Низкий | около 3 лет назад | |
| GHSA-rw2m-m5fq-rcj4 Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | 1% Низкий | около 3 лет назад | |
| GHSA-fjpp-r368-h9gx A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | 0% Низкий | около 3 лет назад | |
| GHSA-mqg9-fwrm-2gxr A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | CVSS3: 6.1 | 0% Низкий | около 3 лет назад |
| GHSA-63cq-5v5v-47mp A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | 0% Низкий | около 3 лет назад | |
| GHSA-gwpm-3v8h-j4wh An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | 1% Низкий | около 3 лет назад | |
| GHSA-wgxr-73ph-q4xr Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | 0% Низкий | около 3 лет назад | |
| GHSA-pqcg-83hr-mr43 Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу