Security Advisories · nextcloud/security-advisories · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Audit log is not properly logging unsetting of share expiration date
GHSA-fxpq-wq7c-vppf published Jul 12, 2021 by LukasReschke

Low
Filenames not escaped by default in controllers using DownloadResponse
GHSA-3hjp-26x8-mhf6 published Jul 12, 2021 by LukasReschke

Low
Ratelimit not applied on OCS API responses
GHSA-48rx-3gmf-g74j published Jul 12, 2021 by LukasReschke

Low
Sensitive data may not be removed from storage on account removal
GHSA-g5gf-rmhm-wpxw published Jun 8, 2021 by LukasReschke

Low
Malicious user could break user administration page
GHSA-fx62-q47f-f665 published Jun 1, 2021 by LukasReschke

Low
Trusted servers exchange can be triggered by attacker
GHSA-j875-vr2q-h6x6 published Jun 1, 2021 by LukasReschke

Moderate
Session Fixation in Nextcloud Talk
GHSA-p6h7-84v4-827r published Jun 15, 2021 by LukasReschke

Low
Nextcloud deck sharee search leaks searches to lookupserver by default
GHSA-h8f6-wg82-6p7r published Jun 1, 2021 by LukasReschke

Low
Default Nextcloud Server and iOS Client leak sharee searches to Nextcloud
GHSA-m7w4-cvjr-76mh published Jun 1, 2021 by LukasReschke

Low
Files Drop public link can be added as federated share
GHSA-grph-cm44-p3jv published Jun 1, 2021 by LukasReschke

Low