ALT-PU-2019-1414-1 — nextcloud

CVE-2018-16464

MEDIUM5.7

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

Опубликовано: 2018-10-30Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 5.7

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Ссылки

CVE-2018-16465

MEDIUM5.3

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

Опубликовано: 2018-10-30Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Ссылки

CVE-2018-16467

MEDIUM5.3

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.

Опубликовано: 2018-10-30Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ссылки

CVE-2019-15612

MEDIUM5.9

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.

Опубликовано: 2020-02-04Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 3.2

CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:P/A:N

CVSS 3.xСРЕДНЯЯ 5.9

CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Ссылки

CVE-2019-5449

MEDIUM4.3

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.

Опубликовано: 2019-07-30Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Ссылки

CVE-2020-8121

HIGH8.1

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.

Опубликовано: 2020-02-04Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS 3.xВЫСОКАЯ 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Ссылки

Обновление пакета nextcloud в ветке sisyphus

Закрытые проблемы (6)

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.