Nextcloud Security-Advisories vulnerabilities

CVE-2023-39954 [HIGH] CWE-311 CVE-2023-39954: user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Start user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are availab

CVE-2023-39962 [HIGH] CWE-284 CVE-2023-39962: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in ver Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making them inaccessible for everyone else as well.

CVE-2023-39957 [HIGH] CWE-22 CVE-2023-39957: Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Pri Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workaround

CVE-2023-39961 [MEDIUM] CWE-284 CVE-2023-39961: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in ver Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4

CVE-2023-39955 [MEDIUM] CWE-79 CVE-2023-39955: Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 a Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.

CVE-2023-39953 [MEDIUM] CWE-303 CVE-2023-39953: user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Start user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No

CVE-2023-39958 [MEDIUM] CWE-307 CVE-2023-39958: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in ver Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1

CVE-2023-39959 [MEDIUM] CWE-284 CVE-2023-39959: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in ver Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4,

CVE-2023-39952 [MEDIUM] CWE-284 CVE-2023-39952: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in ver Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud

CVE-2023-35172 [CRITICAL] CWE-307 CVE-2023-35172: NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted p NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.

CVE-2023-35928 [HIGH] CWE-274 CVE-2023-35928: Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In N Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.

CVE-2023-35927 [HIGH] CWE-284 CVE-2023-35927: NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted p NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7,

CVE-2023-35173 [MEDIUM] CWE-284 CVE-2023-35173: Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encrypti Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.

CVE-2023-35171 [MEDIUM] CWE-601 CVE-2023-35171: NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted p NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2

CVE-2023-32320 [HIGH] CWE-307 CVE-2023-32320: Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When m Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel

CVE-2023-33183 [MEDIUM] CWE-285 CVE-2023-33183: Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some interna Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3

CVE-2023-33182 [MEDIUM] CWE-20 CVE-2023-33182: Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.

CVE-2023-33184 [MEDIUM] CWE-918 CVE-2023-33184: Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to servi Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

CVE-2023-32319 [MEDIUM] CWE-307 CVE-2023-32319: Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26

CVE-2023-32318 [MEDIUM] CWE-613 CVE-2023-32318: Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Se Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be a