Nextcloud: >> Nextcloud Server >> 14.0.0 Security Vulnerabilities
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
CVSS Score
8.0
EPSS Score
0.003
Published
2020-02-04
A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-07-30
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
CVSS Score
3.1
EPSS Score
0.001
Published
2018-10-30
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.
CVSS Score
8.1
EPSS Score
0.001
Published
2018-10-30
Page 8