Nextcloud Richdocuments vulnerabilities
8 known vulnerabilities affecting nextcloud/richdocuments.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 7
Vulnerabilities
CVE-2023-28645 | MEDIUM | CVSS 6.5 | CWE-284 | ≥ 6.0.0, < 6.3.2; ≥ 7.0.0, < 7.0.2 | 2023-03-31
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3
nvd
CVE-2023-25159 | MEDIUM | CVSS 5.3 | CWE-284 | ≥ 6.0.0, < 6.3.1; v7.0.0 | 2023-02-13
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocum
nvd
CVE-2023-25150 | MEDIUM | CVSS 5.7 | CWE-284 | fixed in 3.8.7; ≥ 4.0.0, < 4.2.9; +3 more | 2023-02-08
Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users' files. It is recommended that the Nextcloud Office Ap
nvd
CVE-2022-31024 | MEDIUM | CVSS 6.5 | CWE-284 | fixed in 4.2.6; ≥ 5.0.0, < 5.0.4; +1 more | 2022-06-02
richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarou
nvd
CVE-2021-39223 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 3.8.6; ≥ 4.0.0, < 4.2.3 | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/My
nvd
CVE-2021-37628 | HIGH | CVSS 7.5 | CWE-639 | fixed in 3.8.4; ≥ 4.0.0, < 4.2.1 | 2021-09-07
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or
nvd
CVE-2021-37629 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 3.8.4; ≥ 4.0.0, < 4.2.1 | 2021-09-07
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users
nvd
CVE-2021-32748 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.8.3; ≥ 4.0.0, < 4.2.0 | 2021-07-27
Nextcloud Richdocuments is an open source self-hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor; the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user ha
nvd