CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22403 – OAuth2 authorization codes are valid indefinetly in Nextcloud server
https://notcve.org/view.php?id=CVE-2024-22403
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wppc-f5g8-vx36 https://github.com/nextcloud/server/pull/40766 https://hackerone.com/reports/1784162 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S6PN4GVJ5TZUC6WSG4X3ZA3AMPBEKNAX • CWE-613: Insufficient Session Expiration •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-35927 – Nextcloud system addressbooks can be modified by malicious trusted server
https://notcve.org/view.php?id=CVE-2023-35927
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87 https://github.com/nextcloud/server/pull/38247 https://hackerone.com/reports/1976754 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-25579 – Directory traversal in Nextcloud server
https://notcve.org/view.php?id=CVE-2023-25579
Nextcloud server is a self hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation of paths outside of ones own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-273v-9h7x-p68v https://github.com/nextcloud/server/pull/35074 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25162 – Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs
https://notcve.org/view.php?id=CVE-2023-25162
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m https://github.com/nextcloud/server/pull/34160 https://hackerone.com/reports/1702864 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25161 – Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails
https://notcve.org/view.php?id=CVE-2023-25161
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-492h-596q-xr2f https://github.com/nextcloud/server/pull/34632 https://hackerone.com/reports/1691195 • CWE-284: Improper Access Control •