Nextcloud Security-Advisories vulnerabilities
234 known vulnerabilities affecting nextcloud/security-advisories.
Total CVEs: 234
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 42, MEDIUM 157, LOW 24
Vulnerabilities
Page 10 of 12
CVE-2022-24886 | LOW | CVSS 3.8 | CWE-200 | fixed in 3.19.0 | 2022-04-27
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known
Sources: cvelistv5, nvd
CVE-2022-24838 | CRITICAL | CVSS 9.8 | CWE-74 | fixed in 3.2.2 | 2022-04-11
Nextcloud Calendar is a calendar application for the Nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the `RCPT TO: ` SMTP command and begin injecting arbitrary SMTP comm
Sources: cvelistv5, nvd
CVE-2021-41233 | MEDIUM | CVSS 5.3 | CWE-862 | fixed in 20.0.14; >= 21.0.0, < 21.0.6 (+1 more) | 2022-03-10
Nextcloud Text is a collaborative document editor using Markdown built for the Nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is
Sources: cvelistv5, nvd
CVE-2022-24741 | MEDIUM | CVSS 6.5 | CWE-400 | fixed in 21.0.8; >= 22.0.0, < 22.2.4 (+1 more) | 2022-03-09
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade
Sources: cvelistv5, nvd
CVE-2021-41241 | MEDIUM | CVSS 4.3 | CWE-863 | fixed in 20.0.14; >= 21.0.0, < 21.0.6 (+1 more) | 2022-03-08
Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking
Sources: cvelistv5, nvd
CVE-2021-41239 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 20.0.14; >= 21.0.0, < 21.0.6 (+1 more) | 2022-03-08
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings were disabled. It is recommended that the Nextcloud Server is upgraded
Sources: cvelistv5, nvd
CVE-2021-41180 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 12.1.2 | 2022-03-08
Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open redirect, but required user interaction. This only affected users of the Android Talk client. It is recomm
Sources: cvelistv5, nvd
CVE-2021-41181 | LOW | CVSS 2.4 | CWE-200 | fixed in 12.3.0 | 2022-03-08
Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call, the attacker could gain access to the chat messages and files of the us
Sources: cvelistv5, nvd
CVE-2021-41166 | MEDIUM | CVSS 5.3 | CWE-276 | fixed in 3.17.1 | 2022-01-26
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may view image thumbnails for images it does not have permission to view. Ver
Sources: cvelistv5, nvd
CVE-2021-39222 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 10.0.7; >= 10.1.0, < 10.1.4 (+3 more) | 2021-11-15
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not expl
Sources: cvelistv5, nvd
CVE-2021-39225 | HIGH | CVSS 8.1 | CWE-639 | fixed in 1.2.9; >= 1.4.0, < 1.4.5 (+1 more) | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows other authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.
Sources: cvelistv5, nvd
CVE-2021-41177 | HIGH | CVSS 8.1 | CWE-799 | fixed in 20.0.13; >= 21.0.0, < 21.0.5 (+1 more) | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (such as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache b
Sources: cvelistv5, nvd
CVE-2021-39224 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 1.1.1 | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/sh
Sources: cvelistv5, nvd
CVE-2021-39223 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 3.8.6; >= 4.0.0, < 4.2.3 | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/My
Sources: cvelistv5, nvd
CVE-2021-41179 | MEDIUM | CVSS 6.5 | CWE-304 | fixed in 20.0.13; >= 21.0.0, < 21.0.5 (+1 more) | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud T
Sources: cvelistv5, nvd
CVE-2021-41178 | MEDIUM | CVSS 6.5 | CWE-23 | v20.0.13; >= 21.0.0, < 21.0.5 (+1 more) | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into an XSS/phishing attack, an attacker could upload a malicious SVG fil
Sources: cvelistv5, nvd
CVE-2021-39221 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.0.3 | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcl
Sources: cvelistv5, nvd
CVE-2021-39220 | LOW | CVSS 3.5 | CWE-20 | fixed in 1.10.4, < 1.11.0 | 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails, so as not to leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.
Sources: cvelistv5, nvd
CVE-2021-32802 | CRITICAL | CVSS 9.8 | CWE-829 | fixed in 20.0.12; >= 21.0.0, < 21.0.4 (+1 more) | 2021-09-07
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to
Sources: cvelistv5, nvd
CVE-2021-37628 | HIGH | CVSS 7.5 | CWE-639 | fixed in 3.8.4; >= 4.0.0, < 4.2.1 | 2021-09-07
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or
Sources: cvelistv5, nvd