CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-25159 – Nextcloud Server previews are accessible without a watermark
https://notcve.org/view.php?id=CVE-2023-25159
13 Feb 2023 — Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get appl... • https://github.com/nextcloud/richdocuments/pull/2579 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-41970 – Nextcloud Server's disabled download shares still allow download through preview images
https://notcve.org/view.php?id=CVE-2022-41970
01 Dec 2022 — Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •