Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Server's OAuth2 client secrets were stored in a recoverable way
Vulnerability Description
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
敏感信息的不安全存储
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud存在安全漏洞,该漏洞源于OAuth2 客户端机密以可恢复的方式存储,因此攻击者只要访问数据库备份和 Nextcloud 配置文件,就能够解密它们。
CVSS Information
N/A
Vulnerability Type
N/A