Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Server's global credentials of external storages are sent back to the frontend
Vulnerability Description
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Nextcloud 信息泄露漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud存在信息泄露漏洞,该漏洞源于在服务器上存储“全局凭据”后,API 会返回它们并再次将它们添加到前端,这样当攻击者已经可以访问用户的活动会话时,就可以以纯文本形式读取它们。
CVSS Information
N/A
Vulnerability Type
N/A