Nextcloud Server — набор клиент-серверных программ для создания и использования хранилища данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 409
CVE-2021-32656
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a federated share was created successfully" setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2 As a workaround, disable "Add server automatically once a federated share was created successfully" in the Nextcloud settings.
CVE-2021-32656
Nextcloud Server is a Nextcloud package that handles data storage. A v ...
CVE-2021-32655
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist.
CVE-2021-32655
Nextcloud Server is a Nextcloud package that handles data storage. In ...
CVE-2021-32654
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.
CVE-2021-32654
Nextcloud Server is a Nextcloud package that handles data storage. In ...
CVE-2021-32653
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workarounds outside the updates are known to exist.
CVE-2021-32653
Nextcloud Server is a Nextcloud package that handles data storage. Nex ...
CVE-2021-22878
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
CVE-2021-22878
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-32656 Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a federated share was created successfully" setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2 As a workaround, disable "Add server automatically once a federated share was created successfully" in the Nextcloud settings. | CVSS3: 8.6 | 0% Низкий | около 4 лет назад |
| CVE-2021-32656 Nextcloud Server is a Nextcloud package that handles data storage. A v ... | CVSS3: 8.6 | 0% Низкий | около 4 лет назад |
| CVE-2021-32655 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist. | CVSS3: 3.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-32655 Nextcloud Server is a Nextcloud package that handles data storage. In ... | CVSS3: 3.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-32654 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing. | CVSS3: 8.1 | 0% Низкий | около 4 лет назад |
| CVE-2021-32654 Nextcloud Server is a Nextcloud package that handles data storage. In ... | CVSS3: 8.1 | 0% Низкий | около 4 лет назад |
| CVE-2021-32653 Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workarounds outside the updates are known to exist. | CVSS3: 2.7 | 0% Низкий | около 4 лет назад |
| CVE-2021-32653 Nextcloud Server is a Nextcloud package that handles data storage. Nex ... | CVSS3: 2.7 | 0% Низкий | около 4 лет назад |
| CVE-2021-22878 Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | CVSS3: 4.8 | 0% Низкий | больше 4 лет назад |
| CVE-2021-22878 Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ... | CVSS3: 4.8 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу