Security Advisories · nextcloud/security-advisories · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

OAuth2 client secrets were stored in a recoverable way
GHSA-fvpc-8hq6-jgq2 published Nov 15, 2024 by nickvergessen

Low
Missing password confirmation when changing external storage options
GHSA-vrhf-532w-99rg published Nov 15, 2024 by nickvergessen

Moderate
Global credentials of external storages are sent back to the frontend
GHSA-x9q3-c7f8-3rcg published Nov 15, 2024 by nickvergessen

Moderate
Shares are not removed when user is limited to share with in their groups and being removed from one of them
GHSA-35gc-jc6x-29cm published Nov 15, 2024 by nickvergessen

Low
Incomplete sanitization of SVG files allows to embed other images into previews
GHSA-5m5g-hw8c-2236 published Nov 15, 2024 by nickvergessen

Moderate
User can copy folder that contain files that are blocked by the files access control
GHSA-g8pr-g25r-58xj published Nov 15, 2024 by nickvergessen

Moderate
Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares
GHSA-gxph-5m4j-pfmj published Nov 15, 2024 by nickvergessen

Low
Open redirection when logging in with User OIDC
GHSA-784j-x2g5-4g7q published Nov 15, 2024 by nickvergessen

Low
Authorization Bypass Through User-Controlled Key in Tables
GHSA-4qqp-9h2g-7qg7 published Nov 15, 2024 by nickvergessen

Moderate
Share information of Tables app is not limited to affected users
GHSA-rgvc-xr2w-qq45 published Nov 15, 2024 by nickvergessen

Low