Security: nextcloud/security-advisories
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Ability to by-pass second factor (GHSA-9v72-9xv5-3p7c), published Jun 14, 2024 by nickvergessen. Severity: High
- ID4me feature of OpenID connect app available even when disabled (GHSA-vw7g-959g-vj6q), published Jun 14, 2024 by nickvergessen. Severity: Moderate
- Can download "view-only" files with the Files ZIP app (GHSA-vhj3-mch4-67fq), published Jan 18, 2024 by nickvergessen. Severity: Moderate
- OAuth2 authorization codes are valid indefinitely (GHSA-wppc-f5g8-vx36), published Jan 18, 2024 by nickvergessen. Severity: Low
- Improper handling of request URLs in Guests app allows guest users to bypass app allowlist (GHSA-v3qw-7vgv-2fxj), published Jan 18, 2024 by nickvergessen. Severity: Moderate
- All users can reset the allowed apps list for Guest App users (GHSA-wr87-hx3w-29hh), published Jan 18, 2024 by nickvergessen. Severity: Moderate
- Open redirect in user_saml via RelayState parameter (GHSA-622q-xhfr-xmv7), published Jan 18, 2024 by nickvergessen. Severity: Low
- Self XSS when sending HTML as a comment in the Deck app (GHSA-mg7w-x9fm-9wwc), published Jan 18, 2024 by nickvergessen. Severity: Low
- Bruteforce protection can be bypassed with misconfigured proxy (GHSA-5j2p-q736-hw98), published Dec 18, 2023 by nickvergessen. Severity: Moderate
- Workflows do not require password confirmation on API level (GHSA-3f8p-6qww-2prr), published Dec 18, 2023 by nickvergessen. Severity: Moderate