CVE-2023-39961 – Text does not respect "Allow download" permissions
https://notcve.org/view.php?id=CVE-2023-39961
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp https://github.com/nextcloud/text/pull/4481 https://hackerone.com/reports/1965156 • CWE-284: Improper Access Control •
CVE-2023-39959 – Existence of calendars and address books can be checked by unauthenticated users
https://notcve.org/view.php?id=CVE-2023-39959
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g97r-8ffm-hfpj https://github.com/nextcloud/server/pull/38747 https://hackerone.com/reports/1832126 • CWE-284: Improper Access Control •
CVE-2023-39958 – Missing brute force protection on password reset token OAuth2 API controller
https://notcve.org/view.php?id=CVE-2023-39958
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vv27-g2hq-v48h https://github.com/nextcloud/server/pull/38773 https://hackerone.com/reports/1258448 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-39957 – Path traversal allows tricking the Talk Android app into writing files into it's root directory
https://notcve.org/view.php?id=CVE-2023-39957
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. Nextcloud Talk Android permite a los usuarios realizar llamadas de vídeo y audio a través de Nextcloud en Android. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj https://github.com/nextcloud/talk-android/pull/3064 https://hackerone.com/reports/1997029 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-39955 – Notes attachment render HTML in preview mode
https://notcve.org/view.php?id=CVE-2023-39955
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available. Notes es una aplicación de toma de notas para Nextcloud, una plataforma en la nube de código abierto. • https://github.com/nextcloud/notes/pull/1031 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6 https://hackerone.com/reports/1924355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •