Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OAuth2 authorization codes are valid indefinetly in Nextcloud server
Vulnerability Description
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Nextcloud 代码问题漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud server 28.0.0之前版本存在代码问题漏洞,该漏洞源于OAuth2授权代码无限期有效,导致攻击者可以随时使用该代码进行身份验证。
CVSS Information
N/A
Vulnerability Type
N/A