CVE-2021-41179 – Two-Factor Authentication not enforced for pages marked as public
https://notcve.org/view.php?id=CVE-2021-41179
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7hvh-rc6f-px23 https://github.com/nextcloud/server/pull/28725 https://hackerone.com/reports/1322865 • CWE-304: Missing Critical Step in Authentication •
CVE-2021-41178 – File Traversal affecting SVG files on Nextcloud Server
https://notcve.org/view.php?id=CVE-2021-41178
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jp9c-vpr3-m5rf https://github.com/nextcloud/server/pull/28726 https://hackerone.com/reports/1302155 https://security.gentoo.org/glsa/202208-17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-31816
https://notcve.org/view.php?id=CVE-2021-31816
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. Cuando se configura Octopus Server, si está configurado con una base de datos SQL externa, en la configuración inicial la contraseña de la base de datos se escribe en el archivo de registro OctopusServer.txt en texto plano • https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31816%29.2121793537.html • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-31818
https://notcve.org/view.php?id=CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables. Unas versiones afectadas de Octopus Server son propensas a una vulnerabilidad de inyección SQL autenticada en la interfaz Events REST API porque los datos suministrados por el usuario en la petición de la API no están parametrizados correctamente. Una explotación de esta vulnerabilidad podría permitir un acceso no autorizado a las tablas de la base de datos • https://advisories.octopus.com/adv/2021-04---SQL-Injection-in-the-Events-REST-API-%28CVE-2021-31818%29.2013233248.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-30183
https://notcve.org/view.php?id=CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. Un almacenamiento de texto sin cifrar de información confidencial en múltiples versiones de Octopus Server, donde en determinadas situaciones cuando se ejecutan procesos de importación o exportación, la contraseña usada para cifrar y descifrar valores confidenciales se escribiría en los registros en texto plano • https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html https://github.com/OctopusDeploy/Issues • CWE-312: Cleartext Storage of Sensitive Information •