Security Advisories · nextcloud/security-advisories · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Mail auto configurator sends account information to `autoconfig.tld` server when no auto-configuration is possible
GHSA-vmhx-hwph-q6mc published Nov 15, 2024 by nickvergessen

High
Mail app does not respect download permissions in shares
GHSA-pwpp-fvcr-w862 published Nov 15, 2024 by nickvergessen

Low
Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty
GHSA-r4qc-m9mj-452v published Nov 15, 2024 by nickvergessen

Moderate
Desktop client created folders with world-readable and world-writable permissions on Linux
GHSA-hw3v-8vvq-5645 published Nov 15, 2024 by nickvergessen

Moderate
Code injection in Nextcloud Desktop Client for macOS
GHSA-4mf7-v63m-99p7 published Jun 14, 2024 by nickvergessen

Low
Users can delete old versions of read-only shared files
GHSA-xwgx-f37p-xh8c published Jun 14, 2024 by nickvergessen

Low
Can access comments and attachments of deleted cards
GHSA-x45g-vx69-r9m8 published Jun 14, 2024 by nickvergessen

Moderate
Can reshare read&share only folder with more permissions
GHSA-jjm3-j9xh-5xmq published Jun 14, 2024 by nickvergessen

Moderate
Notes app can be tricked into using a received share created before the user logged in
GHSA-wfqv-cx85-7rjx published Jun 14, 2024 by nickvergessen

Moderate
ID4me does not validate signature or expiration
GHSA-vw5h-29xf-g55g published Jun 14, 2024 by nickvergessen

Moderate