SB2017050807 - Multiple vulnerabilities in Nextcloud Server
Published: May 8, 2017 Updated: July 18, 2020
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2017-0891)
The vulnerability allows a remote authenticated user to read and manipulate data.
Nextcloud Server before 9.0.58, 10.0.5 and 11.0.3 is vulnerable to inadequate escaping of error messages, leading to XSS vulnerabilities in multiple components.
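The defect described above is a missing escaping step between a server-supplied error message and the HTML it is rendered into. The following is an added example, not Nextcloud's own code: it shows the unescaped rendering beside the escaped one, using a constructed error message that embeds a user-controlled file name, and a small check that a reviewer or test suite can use to confirm the output no longer carries raw markup.

```javascript
// Added example (not Nextcloud code): rendering a server-supplied error
// message into HTML, unescaped versus escaped.

// Replacement table for the five HTML-significant characters, so the result
// is safe in element content and inside double- or single-quoted attributes.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the message is concatenated straight into markup, so any
// markup inside it (for example a file name chosen by another user) is parsed
// by the browser as HTML.
function renderErrorUnsafe(message) {
  return '<div class="error">' + message + '</div>';
}

// Hardened pattern: escape before concatenating. The browser shows the text
// of the message, including the angle brackets, and executes nothing.
function renderErrorSafe(message) {
  return '<div class="error">' + escapeHtml(message) + '</div>';
}

// Constructed sample message (not from the bulletin): the quoted file name
// contains markup, as an attacker-chosen file name could.
const SAMPLE_MESSAGE = 'Could not upload "<b>report</b><script>x()</script>.pdf"';

// Regression check: true when the rendered HTML still contains a raw <script>
// tag, i.e. the escaping step was skipped somewhere.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderErrorUnsafe(SAMPLE_MESSAGE));
console.log('safe:  ', renderErrorSafe(SAMPLE_MESSAGE));
```

In a real front end the same effect is obtained by assigning the message to `textContent` (or using a templating engine that escapes by default) rather than building HTML strings; the escaper is shown here only to make the difference between the two paths visible.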
2) Cross-site scripting (CVE-ID: CVE-2017-0893)
The vulnerability allows a remote authenticated user to read and manipulate data.
Nextcloud Server before 9.0.58, 10.0.5 and 11.0.3 ships a vulnerable JavaScript library for sanitizing untrusted user input, which suffered from an XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.
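The bulletin's point that a strict Content-Security-Policy blocks exploitation of this issue on modern browsers is worth being able to verify on a deployment. The following is an added example, not Nextcloud's own code: a small checker that parses a `Content-Security-Policy` header string and reports whether inline script execution is blocked, which is the property that turns a sanitizer bypass into a non-event. The header strings are constructed for illustration and are not the policy Nextcloud actually sends.

```javascript
// Added example (not Nextcloud code): does a CSP header block inline script?

// Parse "directive src1 src2; directive2 ..." into a Map of
// directive name (lower-cased) -> array of source expressions (as written).
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Script execution is governed by script-src, falling back to default-src.
// Returns null when neither is present, i.e. script is unrestricted.
function effectiveScriptSources(directives) {
  if (directives.has('script-src')) return directives.get('script-src');
  if (directives.has('default-src')) return directives.get('default-src');
  return null;
}

// True when the policy rejects arbitrary inline <script> blocks. Inline script
// is allowed only if 'unsafe-inline' is listed; browsers ignore 'unsafe-inline'
// when a nonce- or hash-source is also present, so that case counts as blocked.
function blocksInlineScript(header) {
  const sources = effectiveScriptSources(parseCsp(header));
  if (sources === null) return false;
  const lowered = sources.map((s) => s.toLowerCase());
  const allowsInline = lowered.includes("'unsafe-inline'");
  const hasNonceOrHash = lowered.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return !allowsInline || hasNonceOrHash;
}

// Constructed sample policies (illustrative, not Nextcloud's real header).
const POLICY_WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline'";
const POLICY_STRICT = "default-src 'self'; script-src 'self'";
const POLICY_NONCE = "script-src 'self' 'nonce-d2h5IG5vdA' 'unsafe-inline'";
const POLICY_NO_SCRIPT_DIRECTIVE = "img-src 'self'; style-src 'self'";

for (const policy of [POLICY_WEAK, POLICY_STRICT, POLICY_NONCE, POLICY_NO_SCRIPT_DIRECTIVE]) {
  console.log(blocksInlineScript(policy) ? 'blocks inline script:' : 'ALLOWS inline script:', policy);
}
```

The check deliberately covers only inline script; a policy that blocks inline script but lists `'unsafe-eval'` or a permissive script origin still needs review, and CSP remains a second layer behind fixing the sanitizer itself, which is why the remediation below is to update.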
Remediation
Install the update from the vendor's website.