Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Files Drop public link can be added as federated share
Vulnerability Description
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
非预期数据类型处理不恰当
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Server存在安全漏洞,该漏洞源于当共享用户打开共享面板并试图删除此意外共享的“Create”特权时,Nextcloud服务器将静默地授予该共享读取特权。攻击者可利用该漏洞将Files Drop链接转换为联邦共享,这将导致共享用户的UI端出现问题。以下产品和版本受到影响:Nextcloud Server 19.0.11、20.0.10或21.0.2之前的版本。
CVSS Information
N/A
Vulnerability Type
N/A