Rtod

**Name of the Vulnerable Software and Affected Versions** richdocuments versions prior to 6.0.0 richdocuments versions prior to 5.0.4 richdocuments versions prior to 4.2.6 **Description** The issue affects NextCloud Collabra, the app for Nextcloud Office collaboration. A user could be tricked into working against a remote Office by sending them a federated share. **Recommendations** For versions prior to 6.0.0, update to version 6.0.0 or later. For versions prior to 5.0.4, update to version 5.0.4 or later. For versions prior to 4.2.6, update to version 4.2.6 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop Client versions prior to 3.3.0 **Description** The issue is related to the end-to-end encryption feature of the Nextcloud Desktop Client, where the client fails to check if a private key belongs to a previously downloaded public certificate. This allows a remote attacker to potentially access confidential data if the Nextcloud instance serves a malicious public key. The data would be encrypted for this key, making it accessible to a malicious actor. **Recommendations** For versions prior to 3.3.0, upgrade to Nextcloud Desktop Client version 3.3.0 to fix the issue. As a temporary workaround, consider restricting access to the API endpoint used for downloading public and private keys until the upgrade is possible. Avoid using the end-to-end encryption feature with untrusted Nextcloud instances to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Richdocuments versions prior to 3.8.3 Nextcloud Richdocuments versions prior to 4.2.0 **Description** The communication between Nextcloud Richdocuments and the Collabora Editor using the WOPI protocol was not protected by credentials or IP checks. This can result in a bypass of any enforced watermark on documents, as described on the Nextcloud Virtual Data Room website. It primarily affects the configured watermark or download protection using File Access Control. **Recommendations** For Nextcloud Richdocuments versions prior to 3.8.3, upgrade to version 3.8.3 and configure the allowlist to a list of Collabora servers. For Nextcloud Richdocuments versions prior to 4.2.0, upgrade to version 4.2.0 and configure the allowlist to a list of Collabora servers. As a temporary workaround, consider restricting access to the WOPI API until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 **Description** The Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date, which is supposed to be logged. **Recommendations** For versions prior to 19.0.13, update to version 19.0.13 or later. For versions prior to 20.0.11, update to version 20.0.11 or later. For versions prior to 21.0.3, update to version 21.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 **Description** Nextcloud Server is a package that handles data storage and supports application-specific tokens for authentication purposes. These tokens are granted to specific applications and can be configured by the user to not have any filesystem access. However, due to a lacking permission check, the tokens were able to change their own permissions, allowing filesystem limited tokens to grant themselves access to the filesystem. **Recommendations** For versions prior to 19.0.13, update to version 19.0.13 or later. For versions prior to 20.0.11, update to version 20.0.11 or later. For versions prior to 21.0.3, update to version 21.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Talk versions prior to 11.2.2 Nextcloud Talk versions prior to 11.3.0 can be simplified to the above, as versions prior to 11.2.2 already include versions prior to 11.3.0. Therefore, the simplified version is: Nextcloud Talk versions prior to 11.2.2 **Description** The issue allows a user to access any chat message sent to a previous user with a reused username. This can happen if a user is able to reuse an earlier used username. **Recommendations** For versions prior to 11.2.2, update to version 11.2.2 or later to resolve the issue. As a temporary workaround, do not allow users to choose usernames themselves, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 **Description** The issue is related to a lack of ratelimiting on the public DAV endpoint, which may have allowed an attacker to enumerate potentially valid share tokens or credentials. **Recommendations** For versions prior to 19.0.13, update to version 19.0.13 or later. For versions prior to 20.0.11, update to version 20.0.11 or later. For versions prior to 21.0.3, update to version 21.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 **Description** The issue concerns the handling of webauthn tokens in Nextcloud Server. In affected versions, webauthn tokens were not deleted after a user has been deleted. This could allow a previous user to gain access to an account if the username is reused. **Recommendations** For versions prior to 19.0.13, update to version 19.0.13 or later. For versions prior to 20.0.11, update to version 20.0.11 or later. For versions prior to 21.0.3, update to version 21.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Android Client versions prior to 3.16.1 **Description** The issue concerns the Nextcloud Android Client's handling of end-to-end encryption. When using this feature, clients download public and private keys via an API endpoint. In affected versions, the client fails to verify if a private key matches a previously downloaded public certificate. This could allow a malicious actor to serve a fake public key, enabling them to access encrypted data. **Recommendations** For versions prior to 3.16.1, update to version 3.16.1 to resolve the issue. As a temporary workaround, do not add additional end-to-end encrypted devices to a user account.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Talk versions prior to 9.0.10 Nextcloud Talk versions prior to 10.0.8 Nextcloud Talk versions prior to 11.2.2 **Description** Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk did not rotate the session cookie after a successful authentication event. **Recommendations** For versions prior to 9.0.10, upgrade to version 9.0.10. For versions prior to 10.0.8, upgrade to version 10.0.8. For versions prior to 11.2.2, upgrade to version 11.2.2.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Deck versions prior to 1.2.7 Nextcloud Deck versions prior to 1.4.1 **Description** The issue arises from an information disclosure vulnerability. When searching for sharees, the lookup server is utilized by default instead of only the local Nextcloud server, unless a global search has been explicitly chosen by the user. **Recommendations** For Nextcloud Deck versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue. For Nextcloud Deck versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud End-to-End Encryption versions prior to 1.5.3 Nextcloud End-to-End Encryption versions prior to 1.6.3 Nextcloud End-to-End Encryption versions prior to 1.7.1 **Description** The issue allows any authenticated user to lock files of other users, resulting in a denial of service. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later. For versions prior to 1.6.3, update to version 1.6.3 or later. For versions prior to 1.7.1, update to version 1.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Android App versions prior to 3.16.0 **Description** The issue is related to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server, unless a global search has been explicitly chosen by the user. **Recommendations** For versions prior to 3.16.0, update to version 3.16.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Android versions prior to 3.16.1 **Description** The Nextcloud Android client has a timeout issue that may prevent it from properly cleaning sensitive data when an account is removed. This could include sensitive key material, such as End-to-End encryption keys. **Recommendations** For versions prior to 3.16.1, upgrade the Nextcloud Android App to 3.16.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 **Description** The issue allows an attacker to gain write/read privileges on any Federated File Share. This can also be exploited on any public link, as public links can be added as a federated file share. **Recommendations** For versions prior to 19.0.11, upgrade to version 19.0.11 or disable federated file sharing as a workaround. For versions prior to 20.0.10, upgrade to version 20.0.10 or disable federated file sharing as a workaround. For versions prior to 21.0.2, upgrade to version 21.0.2 or disable federated file sharing as a workaround.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 **Description** The issue arises when an attacker converts a Files Drop link to a federated share, causing problems on the UI side for the sharing user. When the sharing user attempts to remove the "Create" privileges of this unexpected share, the Nextcloud server silently grants the share read privileges. **Recommendations** For versions prior to 19.0.11, update to version 19.0.11 or later. For versions prior to 20.0.10, update to version 20.0.10 or later. For versions prior to 21.0.2, update to version 21.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 **Description** A vulnerability in federated share exists in Nextcloud Server, allowing an attacker to gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This occurs because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a federated share was created successfully" setting. **Recommendations** For versions prior to 19.0.11, update to version 19.0.11 or later. For versions prior to 20.0.10, update to version 20.0.10 or later. For versions prior to 21.0.2, update to version 21.0.2 or later. As a temporary workaround, consider disabling the "Add server automatically once a federated share was created successfully" setting in the Nextcloud settings.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 **Description** The issue affects Nextcloud Server, a package handling data storage. It sends user IDs to the lookup server even when the user has no fields set to published. **Recommendations** For versions prior to 19.0.11, update to version 19.0.11 or later. For versions prior to 20.0.10, update to version 20.0.10 or later. For versions prior to 21.0.2, update to version 21.0.2 or later.