Security Advisories · nextcloud/security-advisories · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Attacker can obtain write access to any federated share/public link
GHSA-jf9h-v24c-22g5 published Jun 1, 2021 by LukasReschke

High
Default settings leak federated cloud ID to lookup server of all users
GHSA-396j-vqpr-qg45 published Jun 1, 2021 by LukasReschke

Low
End to end encryption folder locking is not properly protected
GHSA-3829-45wm-ww36 published Jun 1, 2021 by LukasReschke

Low
Missing permission check on email metadata retrieval
GHSA-mxx2-6rg9-v2vc published Jun 1, 2021 by LukasReschke

High
Default Nextcloud Server and Android Client leak sharee searches to Nextcloud
GHSA-22v9-q3r6-x7cj published Jun 1, 2021 by LukasReschke

Low
SSL certificate was not validated in Provider Registration Flow
GHSA-qpgp-vf4p-wcw5 published Jun 1, 2021 by LukasReschke

Moderate
Alias creation did not validate account ID
GHSA-jmgp-77jq-fjp3 published May 31, 2021 by LukasReschke

Low
Ratelimiting can be bypassed using IPv6 subnets
GHSA-2967-6mrp-gg3p published Jun 1, 2021 by LukasReschke

Low