Vulnerability Information
Vulnerability Title
Nextcloud Server Custom defined credentials of external storages are sent back to the frontend
Vulnerability Description
Nextcloud Server is a self-hosted personal cloud system. After a user- or administrator-defined external storage is set up with fixed credentials, the API returns those credentials and adds them to the frontend again, so an attacker who already has access to a user's active session can read them in plain text. It is recommended that Nextcloud Server be upgraded to 28.0.12, 29.0.9 or 30.0.2 and that Nextcloud Enterprise Server be upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2.
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
Nextcloud Information Disclosure Vulnerability
Vulnerability Description
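Nextcloud is an open-source, self-hosted file synchronization and sharing communication platform from the German company Nextcloud. Nextcloud Server contains an information disclosure vulnerability: after a user- or administrator-defined external storage is set up with fixed credentials, the API returns those credentials and adds them to the frontend again, so an attacker who already has access to a user's active session can read them in plain text.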
CVSS Information
N/A
Vulnerability Type
N/A