Nickvergessen

Nome do Software Vulnerável e Versões Afetadas: Versões do Nextcloud Server anteriores a 29.0.15, 30.0.9 e 31.0.3 Versões do Nextcloud Enterprise Server anteriores a 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9 e 31.0.3 Descrição: O problema refere-se a uma falha no gerenciamento de sessão. Quando o servidor está configurado com `remember login cookie lifetime` definido como `0`, a confirmação do segundo fator é ignorada após um login bem-sucedido com nome de usuário e senha, assim que a sessão expira na página de seleção do segundo fator e a página é recarregada. Recomendações: Para versões do Nextcloud Server anteriores a 29.0.15, 30.0.9 e 31.0.3, atualize para a versão 29.0.15, 30.0.9 ou 31.0.3. Para versões do Nextcloud Enterprise Server anteriores a 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9 e 31.0.3, atualize para a versão 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9 ou 31.0.3. Como solução temporária, defina o `remember login cookie lifetime` no config.php para um valor diferente de `0`, por exemplo, `900`. A administração do sistema pode excluir as sessões afetadas.

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 30.0.2 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 28.0.1 Nextcloud Enterprise Server versions prior to 30.0.2 Nextcloud Enterprise Server versions prior to 29.0.9 Nextcloud Groupfolders app versions prior to 18.0.3 Nextcloud Groupfolders app versions prior to 17.0.5 Nextcloud Groupfolders app versions prior to 16.0.11 Description: The issue concerns the absence of quota checking on attachments in Nextcloud Server and Nextcloud Groupfolders app, allowing logged-in users to upload files exceeding the group folder quota. Recommendations: For Nextcloud Server version prior to 30.0.2, update to version 30.0.2 or later. For Nextcloud Server version prior to 29.0.9, update to version 29.0.9 or later. For Nextcloud Server version prior to 28.0.1, update to version 28.0.1 or later. For Nextcloud Enterprise Server version prior to 30.0.2, update to version 30.0.2 or later. For Nextcloud Enterprise Server version prior to 29.0.9, update to version 29.0.9 or later. For Nextcloud Groupfolders app version prior to 18.0.3, update to version 18.0.3 or later. For Nextcloud Groupfolders app version prior to 17.0.5, update to version 17.0.5 or later. For Nextcloud Groupfolders app version prior to 16.0.11, update to version 16.0.11 or later.

Nome do Software Vulnerável e Versões Afetadas: Versões do Nextcloud Desktop anteriores à 3.15 Descrição: O problema afeta o Nextcloud Desktop, permitindo que aplicativos de terceiros criem compartilhamentos por link para quase todos os dados via API de socket. Esses compartilhamentos podem então ser enviados para um serviço externo. Recomendações: Para versões anteriores à 3.15, atualize para a versão 3.15 para resolver o problema. Como medida temporária de contorno, considere restringir o acesso à API de socket até que a atualização seja aplicada.

Nome do Software Vulnerável e Versões Afetadas: Versões do Nextcloud Server anteriores a 28.0.13 Versões do Nextcloud Server anteriores a 29.0.10 Versões do Nextcloud Server anteriores a 30.0.3 Versões do Nextcloud Enterprise Server anteriores a 28.0.13 Versões do Nextcloud Enterprise Server anteriores a 29.0.10 Versões do Nextcloud Enterprise Server anteriores a 30.0.3 Descrição: O Nextcloud Server é um sistema de nuvem pessoal auto-hospedado. Um endpoint atualmente não utilizado para verificar um destinatário de compartilhamento não foi protegido corretamente, permitindo requisições de proxy para outro servidor. Não há soluções alternativas conhecidas disponíveis. Recomendações: Para versões do Nextcloud Server anteriores a 28.0.13, atualize para a versão 28.0.13 ou posterior. Para versões do Nextcloud Server anteriores a 29.0.10, atualize para a versão 29.0.10 ou posterior. Para versões do Nextcloud Server anteriores a 30.0.3, atualize para a versão 30.0.3 ou posterior. Para versões do Nextcloud Enterprise Server anteriores a 28.0.13, atualize para a versão 28.0.13 ou posterior. Para versões do Nextcloud Enterprise Server anteriores a 29.0.10, atualize para a versão 29.0.10 ou posterior. Para versões do Nextcloud Enterprise Server anteriores a 30.0.3, atualize para a versão 30.0.3 ou posterior.

**Nome do software vulnerável e versões afetadas** Nextcloud Desktop Client, versões 3.13.1 a 3.13.3 **Descrição** No Nextcloud Desktop Client para Linux, os arquivos sincronizados entre o servidor e o cliente podem passar a ser graváveis ou legíveis por todos. Esse problema foi corrigido na versão 3.13.4. **Recomendações** Para as versões 3.13.1 a 3.13.3, atualize para a versão 3.13.4 para resolver o problema. Como solução temporária, considere restringir o acesso a arquivos confidenciais até que a atualização seja aplicada.

Nome do software vulnerável e versões afetadas: Versões do Nextcloud Server anteriores à 22.2.11 Versões do Nextcloud Server anteriores à 23.0.11 Versões do Nextcloud Server anteriores à 24.0.6 Versões do Nextcloud Enterprise Server anteriores à 22.2.11 Versões do Nextcloud Enterprise Server anteriores à 23.0.11 Versões do Nextcloud Enterprise Server anteriores à 24.0.6 Descrição: O problema está relacionado ao gerenciamento inseguro de privilégios no Nextcloud Server e no Nextcloud Enterprise Server. Isso pode permitir que um invasor remoto divulgue informações protegidas. Quando um servidor está configurado para permitir o compartilhamento apenas com usuários que estão nos próprios grupos, após um usuário ser removido de um grupo, os itens compartilhados anteriormente não eram desmarcados. Recomendações: Para versões do Nextcloud Server anteriores à 22.2.11, atualize para a versão 22.2.11 ou posterior. Para versões do Nextcloud Server anteriores à 23.0.11, atualize para a versão 23.0.11 ou posterior. Para versões do Nextcloud Server anteriores à 24.0.6, atualize para a versão 24.0.6 ou posterior. Para versões do Nextcloud Enterprise Server anteriores à 22.2.11, atualize para a versão 22.2.11 ou posterior. Para versões do Nextcloud Enterprise Server anteriores à 23.0.11, atualize para a versão 23.0.11 ou posterior. Para versões do Nextcloud Enterprise Server anteriores à 24.0.6, atualize para a versão 24.0.6 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do aplicativo Nextcloud files Zip anteriores à 1.2.1 Versões do aplicativo Nextcloud files Zip anteriores à 1.4.1 Versões do aplicativo Nextcloud files Zip anteriores à 1.5.0 **Descrição** O aplicativo Nextcloud files Zip é uma ferramenta para criar arquivos zip a partir de um ou vários arquivos dentro do Nextcloud. Nas versões afetadas, os usuários podem baixar arquivos “somente para visualização” compactando a pasta completa. **Recomendações** Para versões anteriores à 1.2.1, atualize para a versão 1.2.1 ou posterior. Para versões anteriores à 1.4.1, atualize para a versão 1.4.1 ou posterior. Para versões anteriores à 1.5.0, atualize para a versão 1.5.0 ou posterior. Como solução temporária, considere desativar o aplicativo de compactação de arquivos até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** Nextcloud versions prior to 25.0.11 Nextcloud versions prior to 26.0.6 Nextcloud versions prior to 27.1.0 **Description** The issue is related to the use of Memcached as `memcache.distributed` in Nextcloud, which can cause the rate limiting on the server to be reset unexpectedly, leading to the rate count being reset earlier than intended. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 25.0.11, upgrade to version 25.0.11 or later. For versions prior to 26.0.6, upgrade to version 26.0.6 or later. For versions prior to 27.1.0, upgrade to version 27.1.0 or later. As a temporary workaround for users unable to upgrade, change the config setting `memcache.distributed` to `OCMemcacheRedis` and install Redis instead of Memcached.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Talk versions prior to 15.0.8 Nextcloud Talk versions prior to 16.0.6 Nextcloud Talk versions prior to 17.1.1 **Description** The issue concerns the brute force protection of public talk conversation passwords in Nextcloud Talk, a chat module for the Nextcloud server platform. In affected versions, this protection can be bypassed due to an endpoint validating the conversation password without registering brute force attempts. **Recommendations** For versions prior to 15.0.8, upgrade to version 15.0.8. For versions prior to 16.0.6, upgrade to version 16.0.6. For versions prior to 17.1.1, upgrade to version 17.1.1.

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.0.* through 8.0.29 PHP versions 8.1.* through 8.1.21 PHP versions 8.2.* through 8.2.7 **Description** The issue is related to the way PHP's XML functions rely on libxml global state to track configuration variables. This state can be changed by other modules, such as ImageMagick, within the same process, potentially leading to the disclosure of local files accessible to PHP. The vulnerable state may persist across many requests until the process is shut down. **Recommendations** For PHP versions 8.0.* through 8.0.29, update to version 8.0.30 or later. For PHP versions 8.1.* through 8.1.21, update to version 8.1.22 or later. For PHP versions 8.2.* through 8.2.7, update to version 8.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 25.0.6 Nextcloud Server versions prior to 26.0.1 **Description** A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account, the previous session would be continued and the attacker would be authenticated as the previously logged in user. This issue is related to incorrect session expiration. **Recommendations** For Nextcloud Server versions prior to 25.0.6, upgrade to 25.0.6 to resolve the issue. For Nextcloud Server versions prior to 26.0.1, upgrade to 26.0.1 to resolve the issue. As a temporary workaround, consider clearing cookies manually after logout to prevent session continuation.

**Name of the Vulnerable Software and Affected Versions** user oidc app versions prior to 1.3.2 **Description** The user oidc app, an OpenID Connect user backend for Nextcloud, has an issue where authentication can be broken or bypassed. **Recommendations** For versions prior to 1.3.2, upgrade the Nextcloud user oidc app to version 1.3.2.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Android versions 3.7.0 through 3.24.0 **Description** The Nextcloud Android app has a security issue that allows an attacker with access to an unlocked physical device to bypass the Pin/passcode protection using a third-party app. This enables the attacker to view meta information such as sharer, sharees, and activity of files. **Recommendations** For versions 3.7.0 through 3.24.0, upgrade the Nextcloud Android app to version 3.24.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 24.0.10 Nextcloud Server versions prior to 25.0.4 **Description** The issue is related to a missing scope validation in the Nextcloud server, allowing users to create workflows designed for administrators only. Some workflows can lead to remote code execution (RCE) by invoking scripts, generating PDFs, or running scripts on the server. The combination of available apps can result in RCE. **Recommendations** For Nextcloud Server versions prior to 24.0.10, upgrade to 24.0.10. For Nextcloud Server versions prior to 25.0.4, upgrade to 25.0.4. For users unable to upgrade, disable the `workflow scripts` and `workflow pdf converter` apps as a mitigation.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 24.0.10 Nextcloud Server versions prior to 25.0.4 **Description** The issue is related to the generated fallback password when creating a share in Nextcloud Server, which uses a weak complexity random number generator. This makes the password guessable to an attacker willing to brute force it, especially when the sharer does not change the password. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information. It only affects users who do not have a password policy enabled. **Recommendations** For Nextcloud Server versions prior to 24.0.10, upgrade to 24.0.10. For Nextcloud Server versions prior to 25.0.4, upgrade to 25.0.4. As a temporary workaround for users unable to upgrade, enable a password policy to mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 24.0.10 Nextcloud Server versions prior to 25.0.4 **Description** The issue is related to the lack of authentication attempt limits in Nextcloud Server, allowing a malicious user to try to reset another user's password and then brute force the password reset token. Although brute forcing the 62^21 combinations for the password reset token would require significant compute resources, it is still a potential risk. There are no known real-world incidents or estimated numbers of affected devices mentioned. **Recommendations** For versions prior to 24.0.10, upgrade to 24.0.10. For versions prior to 25.0.4, upgrade to 25.0.4. As a temporary workaround, consider implementing throttling for password reset attempts, similar to the fix introduced in commit `704eb3aa`, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop Client versions prior to 3.6.3 **Description** The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. It is missing sanitisation on qml labels used for basic HTML elements such as `strong`, `em`, and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. **Recommendations** For versions prior to 3.6.3, upgrade to version 3.6.3 to resolve the issue. As a temporary workaround, consider restricting the use of qml labels in the desktop client until a patch is available. However, since there are no known workarounds for this issue, upgrading to the recommended version is the best course of action.

**Name of the Vulnerable Software and Affected Versions** Nextcloud server versions 25.0.0 through 25.0.2 **Description** The issue is related to an inefficient fetch operation that may impact server performance and/or lead to a denial of service. This can be exploited by a remote attacker to initiate a denial of service attack. The vulnerability is associated with uncontrolled resource consumption. **Recommendations** For Nextcloud server versions 25.0.0 through 25.0.2, upgrade to version 25.0.3 to address the issue. There are no known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nextcloud server versions prior to 25.0.2 Nextcloud server versions prior to 24.0.8 Nextcloud server versions prior to 23.0.12 **Description** The issue concerns the `OCFilesNodeFolder::getFullPath()` function, which was validating and normalizing strings in the wrong order. This function is used in the `newFile()` and `newFolder()` items, potentially allowing the creation of paths outside of one's own space and overwriting data from other users with crafted paths. **Recommendations** For versions prior to 25.0.2, upgrade to version 25.0.2 or later. For versions prior to 24.0.8, upgrade to version 24.0.8 or later. For versions prior to 23.0.12, upgrade to version 23.0.12 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Deck versions prior to 1.6.5 Nextcloud Deck versions prior to 1.7.3 Nextcloud Deck versions prior to 1.8.2 **Description** Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated, potentially causing a denial of service when performed multiple times. **Recommendations** For versions prior to 1.6.5, upgrade to version 1.6.5 or later. For versions prior to 1.7.3, upgrade to version 1.7.3 or later. For versions prior to 1.8.2, upgrade to version 1.8.2 or later.