Improper access control checks for Nextcloud Server

Overview :
A missing check in Nextcloud Server 14.0.3 could allow a recipient to extend the expiration date of a share they received.
Affected Product(s) :
  • Nextcloud Server 14.0.3
Vulnerability Details :
CVE ID : CVE-2020-8122
Risk level : Low
CVSS v3 Base Score : 4.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CWE : Improper Access Control – Generic (CWE-284)
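
The class of flaw described in the overview, shown as an added example: a simplified Python model that is not Nextcloud's code. The `Share` fields, the handler names and the rule that only the owner or initiator may change the expiration are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Share:
    # Simplified share record; field names are assumptions, not Nextcloud's schema.
    share_id: int
    owner: str       # user who owns the shared file
    initiator: str   # user who created the share
    recipient: str   # user the file was shared with
    expiration: Optional[date]


class Forbidden(Exception):
    """Raised when the caller may not modify the share."""


def update_expiration_unchecked(share: Share, actor: str, new_date: date) -> Share:
    # Flawed pattern: the handler only confirms that the actor is a party to
    # the share, so a recipient passes and can move the expiry date later.
    if actor not in (share.owner, share.initiator, share.recipient):
        raise Forbidden("share not visible to actor")
    share.expiration = new_date
    return share


def update_expiration_checked(share: Share, actor: str, new_date: date) -> Share:
    # Corrected pattern: changing share settings requires being the owner or
    # the initiator; having received the share is not enough.
    if actor not in (share.owner, share.initiator):
        raise Forbidden("only the owner or initiator may change the expiration")
    share.expiration = new_date
    return share


def recipient_can_extend(handler) -> bool:
    # Regression check on constructed data: True if the recipient manages
    # to push the expiration date out through `handler`.
    original = date(2020, 1, 31)
    share = Share(1, "alice", "alice", "bob", original)
    try:
        handler(share, "bob", date(2030, 1, 31))
    except Forbidden:
        pass
    return share.expiration > original
```

A check like `recipient_can_extend` is worth keeping as a regression test so the authorization rule on share updates cannot silently disappear again.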

Solution :

It is recommended that all instances are upgraded to Nextcloud 15.0.0, Nextcloud 14.0.4, Nextcloud 13.0.8 or 12.0.13.

 
