SB2020020428 - Multiple vulnerabilities in Nextcloud Server
Published: February 4, 2020 Updated: July 17, 2020
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2020-8118)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An authenticated server-side request forgery in Nextcloud Server 16.0.1 made it possible to detect local and remote services when adding a new subscription in the calendar application.
2) Improper Preservation of Permissions (CVE-ID: CVE-2019-15621)
The vulnerability allows a remote authenticated user to manipulate data.
Improper permissions preservation in Nextcloud Server 16.0.1 allows sharees who received a share to reshare its mount point as a public link with write permissions.
3) Information disclosure (CVE-ID: CVE-2019-15623)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server, without any further data, even when the Lookup Server is disabled.
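The SSRF in item 1 works because a user-supplied calendar subscription URL is fetched by the server without checking where it points. The following is an added example of the kind of pre-fetch check that mitigates this class of bug; it is not Nextcloud's own code. It assumes a constructed hostname table in place of real DNS so it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed hostname -> address table standing in for DNS (assumption, for an
# offline example). Real code would use socket.getaddrinfo and check EVERY
# returned address, then connect only to the address it validated.
FAKE_DNS = {
    "calendar.example.org": ["93.184.216.34"],           # public
    "intranet.local": ["10.0.0.5"],                       # RFC 1918
    "dual.example.net": ["93.184.216.35", "127.0.0.1"],   # public + loopback
}

ALLOWED_SCHEMES = {"http", "https"}


def resolve(host, dns=FAKE_DNS):
    """Return all addresses for host; a literal IP resolves to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return dns.get(host, [])


def is_internal(addr):
    """True unless the address is globally routable unicast.
    is_global is False for loopback, RFC 1918, link-local, CGNAT, ::1,
    fc00::/7, fe80::/10 and IPv4-mapped IPv6 forms of those ranges."""
    return not ipaddress.ip_address(addr).is_global


def validate_subscription_url(url, dns=FAKE_DNS):
    """Return (ok, reason). ok is True only when the scheme is http(s) and
    every address the host resolves to is public; one internal address
    among several is enough to reject (defeats split-answer tricks)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname          # lowercased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    addrs = resolve(host, dns)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if is_internal(addr):
            return False, f"resolves to internal address {addr}"
    return True, "ok"
```

Because DNS can change between this check and the actual connection, the fetcher should pin the connection to the address that passed validation rather than re-resolving.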
Remediation
Install the update from the vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html
- https://hackerone.com/reports/427835
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-014
- https://hackerone.com/reports/619484
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-012
- https://hackerone.com/reports/508490
- https://nextcloud.com/security/advisory/?id=NC-SA-2019-016