Nextcloud Server — набор клиент-серверных программ для создания и использования хранилища данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 429
CVE-2024-52519
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.
CVE-2024-52519
Nextcloud Server is a self hosted personal cloud system. The OAuth2 cl ...
CVE-2024-52518
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
CVE-2024-52518
Nextcloud Server is a self hosted personal cloud system. After an atta ...
CVE-2024-52517
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
CVE-2024-52517
Nextcloud Server is a self hosted personal cloud system. After storing ...
CVE-2024-52516
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.
CVE-2024-52516
Nextcloud Server is a self hosted personal cloud system. When a server ...
CVE-2024-52515
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended that the Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and Nextcloud Enterprise Server is upgraded to 24.0.12.15, 25.0.13.10, 26.0.13.4, 27.1.10, 28.0.6 or 29.0.1.
CVE-2024-52515
Nextcloud Server is a self hosted personal cloud system. After an admi ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2024-52519 Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7. | CVSS3: 2.7 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52519 Nextcloud Server is a self hosted personal cloud system. The OAuth2 cl ... | CVSS3: 2.7 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52518 Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. | CVSS3: 4.4 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52518 Nextcloud Server is a self hosted personal cloud system. After an atta ... | CVSS3: 4.4 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52517 Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1. | CVSS3: 4.6 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52517 Nextcloud Server is a self hosted personal cloud system. After storing ... | CVSS3: 4.6 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52516 Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6. | CVSS3: 3 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52516 Nextcloud Server is a self hosted personal cloud system. When a server ... | CVSS3: 3 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52515 Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended that the Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and Nextcloud Enterprise Server is upgraded to 24.0.12.15, 25.0.13.10, 26.0.13.4, 27.1.10, 28.0.6 or 29.0.1. | CVSS3: 5.7 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52515 Nextcloud Server is a self hosted personal cloud system. After an admi ... | CVSS3: 5.7 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу