Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Server user_ldap app logs user passwords in the log file on level debug
Vulnerability Description
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users' passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments).
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
敏感数据的明文存储
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Server 、 Nextcloud Enterprise Server 25.0.11之前、26.0.6之前和 27.1.0之前版本存在安全漏洞,该漏洞源于当日志级别设置为debug时,user_ldap 应用程序会将用户密码以明文形式记录到日志中 文件,如果日志文件被泄露或以任何方式共享,用户的密码就会被泄露。
CVSS Information
N/A
Vulnerability Type
N/A