Nextcloud Server is a suite of client-server software for creating and using a data storage service.
Release cycle, vulnerability information
Count: 440
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-6mm6-pp6h-9p36 Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens. | CVSS3: 8.1 | 0% Low | more than 3 years ago |
| GHSA-2v55-qcx6-c482 Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | CVSS3: 8.8 | 0% Low | more than 3 years ago |
| GHSA-grrj-5c92-774h Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | CVSS3: 5.3 | 1% Low | more than 3 years ago |
| GHSA-6p7m-f494-cjvp Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-frc3-rhfw-jxf5 Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | CVSS3: 8.1 | 1% Low | more than 3 years ago |
| GHSA-9qxg-6mvx-c4mc A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. | CVSS3: 5.4 | 1% Low | more than 3 years ago |
| CVE-2022-24889 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1. | CVSS3: 2.4 | 0% Low | almost 4 years ago |
| CVE-2022-24888 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. | CVSS3: 4.3 | 0% Low | almost 4 years ago |