漏洞标题
攻击者可以获得任何联合共享/公共链接的写入权限
漏洞描述信息
攻击者可以获得任何联合共享/公共链接的写入权限
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
漏洞类别
N/A
漏洞标题
Attacker can obtain write access to any federated share/public link
漏洞描述信息
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
通过用户控制密钥绕过授权机制
漏洞标题
Nextcloud 安全漏洞
漏洞描述信息
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Server 存在安全漏洞,该漏洞源于公共链接可以作为联邦文件共享添加。攻击者可利用该漏洞接收任何联邦文件共享的写读权限。
CVSS信息
N/A
漏洞类别
其他