CVE-2023-39957 – Path traversal allows tricking the Talk Android app into writing files into its root directory
https://notcve.org/view.php?id=CVE-2023-39957
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intent allowed malicious third-party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 contains a patch for this issue. No known workarounds are available.
References:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj
https://github.com/nextcloud/talk-android/pull/3064
https://hackerone.com/reports/1997029
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-39955 – Notes attachment renders HTML in preview mode
https://notcve.org/view.php?id=CVE-2023-39955
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered for download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.
References:
https://github.com/nextcloud/notes/pull/1031
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6
https://hackerone.com/reports/1924355
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-39954 – user_oidc app stores client secret unencrypted in database
https://notcve.org/view.php?id=CVE-2023-39954
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available.
References:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3f92-5c8p-f6gq
https://github.com/nextcloud/user_oidc/pull/636
https://hackerone.com/reports/1994328
Weakness: CWE-311: Missing Encryption of Sensitive Data
CVE-2023-39953 – Issuer not verified from obtained token in user_oidc
https://notcve.org/view.php?id=CVE-2023-39953
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack, returning a corrupted or known token that they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.
References:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xx3h-v363-q36j
https://github.com/nextcloud/user_oidc/pull/642
https://hackerone.com/reports/2021684
Weakness: CWE-303: Incorrect Implementation of Authentication Algorithm
CVE-2023-39952 – Advanced permissions not respected when copying entire group folders
https://notcve.org/view.php?id=CVE-2023-39952
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a group folder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available.
References:
https://github.com/nextcloud/groupfolders/issues/1906
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-cq8w-v4fh-4rjq
https://github.com/nextcloud/server/pull/38890
https://hackerone.com/reports/1808079
Weakness: CWE-284: Improper Access Control