Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HNextcloud Server
APPNextcloud< 19.0.1320.0.0 – 20.0.11 (bez)21.0.0 – 21.0.3 (bez)
Powiązane podatności
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation ...
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews fo...
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion...
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before...
Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the...