CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-30539 – Users can set up workflows using restricted and invisible system tags in Nextcloud
https://notcve.org/view.php?id=CVE-2023-30539
17 Apr 2023 — Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or... • https://github.com/nextcloud/files_automatedtagging/pull/705 • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28999 – Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
https://notcve.org/view.php?id=CVE-2023-28999
04 Apr 2023 — Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available. • https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf • CWE-311: Missing Encryption of Sensitive Data CWE-325: Missing Cryptographic Step •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 2CVE-2023-28834 – Full path of data directory exposed to Nextcloud server users
https://notcve.org/view.php?id=CVE-2023-28834
03 Apr 2023 — Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks i... • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5w64-6c42-rgcv • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28844 – User without download rights can download older version of that file in nextcloud server
https://notcve.org/view.php?id=CVE-2023-28844
31 Mar 2023 — Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w47p-f66h-h2vj • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28835 – Insecure randomness for default password in nextcloud
https://notcve.org/view.php?id=CVE-2023-28835
30 Mar 2023 — Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force it. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. This issue only affects users who do not have a password policy enabled, so enabling a password policy is an effective mitigation for... • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w2p-rp9m-9xp9 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28833 – Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
https://notcve.org/view.php?id=CVE-2023-28833
30 Mar 2023 — Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upg... • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28644 – Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server
https://notcve.org/view.php?id=CVE-2023-28644
30 Mar 2023 — Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-28643 – Potential share collision for recipients when caching is enabled in nextcloud server
https://notcve.org/view.php?id=CVE-2023-28643
30 Mar 2023 — Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to `{name} (2)`. It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhq4-4pr8-wm27 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26482 – Scope of workflow operations is not validated in nextcloud server
https://notcve.org/view.php?id=CVE-2023-26482
30 Mar 2023 — Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.... • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28646 – App lockout in nextcloud Android app can be bypassed via thirdparty apps
https://notcve.org/view.php?id=CVE-2023-28646
30 Mar 2023 — Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability. • https://github.com/nextcloud/android/pull/11242 • CWE-281: Improper Preservation of Permissions CWE-287: Improper Authentication •