Log

AVG-1989 edited at 02 Jun 2021 08:20:24
Issues
CVE-2020-20445
CVE-2020-20446
CVE-2020-20448
CVE-2020-20453
CVE-2020-22015
CVE-2020-22019
CVE-2020-22021
CVE-2020-22033
+ CVE-2020-22037
CVE-2020-22037 created at 02 Jun 2021 08:20:24
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
CVE-2021-32654 edited at 01 Jun 2021 20:11:10
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5
+ https://hackerone.com/reports/1170024
CVE-2021-32653 edited at 01 Jun 2021 20:10:51
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-396j-vqpr-qg45
+ https://hackerone.com/reports/1173436
CVE-2021-22915 edited at 01 Jun 2021 20:10:38
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2967-6mrp-gg3p
+ https://hackerone.com/reports/1154003
AVG-2025 edited at 01 Jun 2021 20:07:20
Severity
- Unknown
+ Medium
CVE-2021-22895 edited at 01 Jun 2021 20:07:20
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Certificate verification bypass
Description
+ Nextcloud Desktop Client before 3.3.1 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5
+ https://hackerone.com/reports/903424
Notes
AVG-2025 created at 01 Jun 2021 20:06:47
Packages
+ nextcloud-client
Issues
+ CVE-2021-22895
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 3.2.1-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-22895 created at 01 Jun 2021 20:06:47
CVE-2021-32657 edited at 01 Jun 2021 20:04:24
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue has been found in Nextcloud Server before version 21.0.2. A malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fx62-q47f-f665
+ https://hackerone.com/reports/1147611
Notes
CVE-2021-32656 edited at 01 Jun 2021 20:03:26
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in Nextcloud Server before version 21.0.2. Nextcloud supports sharing of the registered users with other Nextcloud servers. Nextcloud supports adding these automated when selecting the "Add server automatically once a federated share was created successfully" setting.
+
+ As a public link can be added as federated share, an attacker can trigger this exchange if they have access to a public link, thus getting access to basic user information.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j875-vr2q-h6x6
+ https://hackerone.com/reports/1167853
Notes
CVE-2021-32655 edited at 01 Jun 2021 20:02:04
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in Nextcloud Server before version 21.0.2. An attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-grph-cm44-p3jv
+ https://hackerone.com/reports/1167929
Notes
AVG-2024 edited at 01 Jun 2021 20:00:41
Severity
- Low
+ High
CVE-2021-32654 edited at 01 Jun 2021 20:00:41
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary filesystem access
Description
+ A security issue has been found in Nextcloud Server before version 21.0.2. An attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link (e.g. to add malicious data into a folder, or get read access to a "Files Drop" link).
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5
Notes