Search criteria
50 vulnerabilities found for N/A by Nextcloud
CERTFR-2024-AVI-0995
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Server versions 21.0.x antérieures à 21.0.9.18 pour nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 26.0.x antérieures à 26.0.13.10 pour nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 30.0.x antérieures à 30.0.2 | ||
| Nextcloud | N/A | Server versions 22.2.x antérieures à 22.2.10.23 pour nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 28.0.x antérieures à 28.0.12 | ||
| Nextcloud | N/A | Server versions 24.0.x antérieures à 24.0.12.15 pour nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 29.0.x antérieures à 29.0.9 | ||
| Nextcloud | N/A | Server versions 27.0.x antérieures à 27.1.10 | ||
| Nextcloud | N/A | Server versions 23.0.x antérieures à 23.0.12.18 pour nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 25.0.x antérieures à 25.0.13.14 pour nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 27.0.x antérieures à 27.1.11.10 pour nextcloud enterprise |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Server versions 21.0.x ant\u00e9rieures \u00e0 21.0.9.18 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.13.10 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 22.2.x ant\u00e9rieures \u00e0 22.2.10.23 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.12.15 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 27.0.x ant\u00e9rieures \u00e0 27.1.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 23.0.x ant\u00e9rieures \u00e0 23.0.12.18 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.13.14 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 27.0.x ant\u00e9rieures \u00e0 27.1.11.10 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-52514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52514"
},
{
"name": "CVE-2024-52525",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52525"
},
{
"name": "CVE-2024-52515",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52515"
},
{
"name": "CVE-2024-52516",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52516"
},
{
"name": "CVE-2024-52523",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52523"
},
{
"name": "CVE-2024-52517",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52517"
},
{
"name": "CVE-2024-52519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52519"
},
{
"name": "CVE-2024-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52520"
},
{
"name": "CVE-2024-52521",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52521"
},
{
"name": "CVE-2024-52518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52518"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0995",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Nextcloud. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-fvpc-8hq6-jgq2",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fvpc-8hq6-jgq2"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-42w6-r45m-9w9j",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-42w6-r45m-9w9j"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-g8pr-g25r-58xj",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-35gc-jc6x-29cm",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-w7v5-mgxm-v6gm",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-pxqf-cfxw-mqmj",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxqf-cfxw-mqmj"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-x9q3-c7f8-3rcg",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x9q3-c7f8-3rcg"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-vrhf-532w-99rg",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-5m5g-hw8c-2236",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5m5g-hw8c-2236"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-2q6f-gjgj-7hp4",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2q6f-gjgj-7hp4"
}
]
}
CERTFR-2024-AVI-0501
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Desktop client versions antérieures à 3.12.0 pour macOS | ||
| Nextcloud | N/A | Deck versions 1.8.x antérieures à 1.8.7 | ||
| Nextcloud | N/A | Notes versions antérieures à 4.9.3 | ||
| Nextcloud | N/A | Server versions 27.0.x antérieures à 27.1.10 pour nextcloud et nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 23.0.x antérieures à 23.0.12.17 pour nextcloud enterprise | ||
| Nextcloud | N/A | Photos versions postérieures à 25.0.1 et antérieures à 25.0.7 | ||
| Nextcloud | N/A | Calendar versions antérieures à 4.7.2 | ||
| Nextcloud | N/A | Deck versions 1.9.x antérieures à 1.9.6 | ||
| Nextcloud | N/A | Server versions 28.0.x antérieures à 28.0.6 pour nextcloud et nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 29.0.x antérieures à 29.0.1 pour nextcloud et nextcloud enterprise | ||
| Nextcloud | N/A | Server versions 25.0.x antérieures à 25.0.13.8 pour nextcloud enterprise | ||
| Nextcloud | N/A | Deck versions 1.11.x antérieures à 1.11.3 | ||
| Nextcloud | N/A | Server versions 26.0.x antérieures à 26.0.13 pour nextcloud et nextcloud enterprise | ||
| Nextcloud | N/A | Calendar versions antérieures à 4.6.8 | ||
| Nextcloud | N/A | Server versions 24.0.x antérieures à 24.0.12.13 pour nextcloud enterprise | ||
| Nextcloud | N/A | Deck versions 1.7.x antérieures à 1.7.5 | ||
| Nextcloud | N/A | Deck versions 1.6.x antérieures à 1.6.6 | ||
| Nextcloud | N/A | user_oidc versions antérieures à 1.3.5 | ||
| Nextcloud | N/A | Deck versions 1.12.x antérieures à 1.12.1 | ||
| Nextcloud | N/A | Photos versions 26.0.x antérieures à 26.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Desktop client versions ant\u00e9rieures \u00e0 3.12.0 pour macOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.8.x ant\u00e9rieures \u00e0 1.8.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Notes versions ant\u00e9rieures \u00e0 4.9.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 27.0.x ant\u00e9rieures \u00e0 27.1.10 pour nextcloud et nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 23.0.x ant\u00e9rieures \u00e0 23.0.12.17 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Photos versions post\u00e9rieures \u00e0 25.0.1 et ant\u00e9rieures \u00e0 25.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Calendar versions ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.9.x ant\u00e9rieures \u00e0 1.9.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.6 pour nextcloud et nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.1 pour nextcloud et nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.13.8 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.11.x ant\u00e9rieures \u00e0 1.11.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.13 pour nextcloud et nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Calendar versions ant\u00e9rieures \u00e0 4.6.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.12.13 pour nextcloud enterprise",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.7.x ant\u00e9rieures \u00e0 1.7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.6.x ant\u00e9rieures \u00e0 1.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "user_oidc versions ant\u00e9rieures \u00e0 1.3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.12.x ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Photos versions 26.0.x ant\u00e9rieures \u00e0 26.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37884"
},
{
"name": "CVE-2024-37315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37315"
},
{
"name": "CVE-2024-37886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37886"
},
{
"name": "CVE-2024-37883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37883"
},
{
"name": "CVE-2024-37317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37317"
},
{
"name": "CVE-2024-37314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37314"
},
{
"name": "CVE-2024-37885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37885"
},
{
"name": "CVE-2024-37316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37316"
},
{
"name": "CVE-2024-37887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37887"
},
{
"name": "CVE-2024-37882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37882"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0501",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Nextcloud. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-h4xv-cjpm-j595",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-jjm3-j9xh-5xmq",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jjm3-j9xh-5xmq"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-4mf7-v63m-99p7",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-2r7q-vfmv-79qf",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2r7q-vfmv-79qf"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-vw5h-29xf-g55g",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw5h-29xf-g55g"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-x45g-vx69-r9m8",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x45g-vx69-r9m8"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-xwgx-f37p-xh8c",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xwgx-f37p-xh8c"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-wfqv-cx85-7rjx",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-9chh-5prm-wp43",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43"
},
{
"published_at": "2024-06-14",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-5mq8-738w-5942",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5mq8-738w-5942"
}
]
}
CERTFR-2024-AVI-0053
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud User Saml versions 5.0.x et 5.1.x antérieures à 5.1.5 | ||
| Nextcloud | N/A | Nextcloud Server versions antérieures à 28.0.0 | ||
| Nextcloud | N/A | Nextcloud Files ZIP versions 1.2.x antérieures à 1.2.1 | ||
| Nextcloud | N/A | Nextcloud Files ZIP versions 1.3.x et 1.4.x antérieures à 1.4.1 ou 1.5.0 | ||
| Nextcloud | N/A | Nextcloud User Saml versions 6.0.x antérieures à 6.0.1 | ||
| Nextcloud | N/A | Nextcloud Deck versions 1.9.x antérieures à 1.9.5 | ||
| Nextcloud | N/A | Nextcloud Deck versions 1.1x.x antérieures à 1.11.2 | ||
| Nextcloud | N/A | Nextcloud Guests versions 3.0.x antérieures à 3.0.1 | ||
| Nextcloud | N/A | Nextcloud Guests versions 2.5.x antérieures à 2.5.1 | ||
| Nextcloud | N/A | Nextcloud Guests versions 2.4.x antérieures à 2.4.1 | ||
| Nextcloud | N/A | Nextcloud User Saml versions 5.2.x antérieures à 5.2.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud User Saml versions 5.0.x et 5.1.x ant\u00e9rieures \u00e0 5.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions ant\u00e9rieures \u00e0 28.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files ZIP versions 1.2.x ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files ZIP versions 1.3.x et 1.4.x ant\u00e9rieures \u00e0 1.4.1 ou 1.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud User Saml versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Deck versions 1.9.x ant\u00e9rieures \u00e0 1.9.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Deck versions 1.1x.x ant\u00e9rieures \u00e0 1.11.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Guests versions 3.0.x ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Guests versions 2.5.x ant\u00e9rieures \u00e0 2.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Guests versions 2.4.x ant\u00e9rieures \u00e0 2.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud User Saml versions 5.2.x ant\u00e9rieures \u00e0 5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22400"
},
{
"name": "CVE-2024-22402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22402"
},
{
"name": "CVE-2024-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22213"
},
{
"name": "CVE-2024-22404",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22404"
},
{
"name": "CVE-2024-22403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22403"
},
{
"name": "CVE-2024-22401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22401"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0053",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNextcloud. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-vhj3-mch4-67fq du 18 janvier 2024",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-622q-xhfr-xmv7 du 18 janvier 2024",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-v3qw-7vgv-2fxj du 18 janvier 2024",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v3qw-7vgv-2fxj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-wr87-hx3w-29hh du 18 janvier 2024",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-mg7w-x9fm-9wwc du 18 janvier 2024",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-wppc-f5g8-vx36 du 18 janvier 2024",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wppc-f5g8-vx36"
}
]
}
CERTFR-2023-AVI-1041
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Nextcloud Server. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Server Enterprise versions 27.x.x antérieures à 27.1.4 | ||
| Nextcloud | N/A | Nextcloud Server versions 26.0.x antérieures à 26.0.9 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 23.0.x antérieures à 23.0.12.13 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 25.0.x antérieures à 25.0.13.4 | ||
| Nextcloud | N/A | Nextcloud Server versions 27.x.x antérieures à 27.1.4 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 26.0.x antérieures à 26.0.9 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 24.0.x antérieures à 24.0.12.9 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Server Enterprise versions 27.x.x ant\u00e9rieures \u00e0 27.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 23.0.x ant\u00e9rieures \u00e0 23.0.12.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 25.0.x ant\u00e9rieures \u00e0 25.0.13.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 27.x.x ant\u00e9rieures \u00e0 27.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 26.0.x ant\u00e9rieures \u00e0 26.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 24.0.x ant\u00e9rieures \u00e0 24.0.12.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-49792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49792"
},
{
"name": "CVE-2023-49791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49791"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eNextcloud Server\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nextcloud Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-5j2p-q736-hw98 du 18 d\u00e9cembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5j2p-q736-hw98"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-3f8p-6qww-2prr du 18 d\u00e9cembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3f8p-6qww-2prr"
}
]
}
CERTFR-2023-AVI-0968
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Entreprise versions 23.x antérieures à 23.0.12.12 | ||
| Nextcloud | N/A | Nextcloud Mail versions antérieures à 2.2.8 | ||
| Nextcloud | N/A | Nextcloud Entreprise versions 22.x antérieures à 22.2.10.16 | ||
| Nextcloud | N/A | Nextcloud versions 27.x antérieures à 27.1.3 | ||
| Nextcloud | N/A | Nextcloud Entreprise versions 24.x antérieures à 24.0.12.8 | ||
| Nextcloud | N/A | Nextcloud versions 26.x antérieures à 26.0.8 | ||
| Nextcloud | N/A | Nextcloud versions 25.x antérieures à 25.0.13 | ||
| Nextcloud | N/A | Nextcloud Entreprise versions 25.x antérieures à 25.0.13 | ||
| Nextcloud | N/A | Nextcloud Entreprise versions 20.x antérieures à 20.0.14.16 | ||
| Nextcloud | N/A | Nextcloud Mail versions 3.x antérieures à 3.3.0 | ||
| Nextcloud | N/A | Nextcloud Entreprise versions 21.x antérieures à 21.0.9.13 | ||
| Nextcloud | N/A | Nextcloud Entreprise versions 27.x antérieures à 27.1.3 | ||
| Nextcloud | N/A | Nextcloud Entreprise versions 26.x antérieures à 26.0.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Entreprise versions 23.x ant\u00e9rieures \u00e0 23.0.12.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail versions ant\u00e9rieures \u00e0 2.2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise versions 22.x ant\u00e9rieures \u00e0 22.2.10.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud versions 27.x ant\u00e9rieures \u00e0 27.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise versions 24.x ant\u00e9rieures \u00e0 24.0.12.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud versions 26.x ant\u00e9rieures \u00e0 26.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud versions 25.x ant\u00e9rieures \u00e0 25.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise versions 25.x ant\u00e9rieures \u00e0 25.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise versions 20.x ant\u00e9rieures \u00e0 20.0.14.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail versions 3.x ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise versions 21.x ant\u00e9rieures \u00e0 21.0.9.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise versions 27.x ant\u00e9rieures \u00e0 27.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise versions 26.x ant\u00e9rieures \u00e0 26.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-48305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48305"
},
{
"name": "CVE-2023-48304",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48304"
},
{
"name": "CVE-2023-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48303"
},
{
"name": "CVE-2023-48302",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48302"
},
{
"name": "CVE-2023-48306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48306"
},
{
"name": "CVE-2023-48239",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48239"
},
{
"name": "CVE-2023-48301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48301"
},
{
"name": "CVE-2023-48307",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48307"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0968",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Nextcloud\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-8jwv-c8c8-9fr3 du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8jwv-c8c8-9fr3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-f962-hw26-g267 du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f962-hw26-g267"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-4pp4-m8ph-2999 du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-2448-44rp-c7hh du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2448-44rp-c7hh"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-8f69-f9jg-4x3v du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-wgpw-qqq2-gwv6 du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wgpw-qqq2-gwv6"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-p7g9-x25m-4h87 du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p7g9-x25m-4h87"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-35p6-4992-w5fr du 21 novembre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35p6-4992-w5fr"
}
]
}
CERTFR-2023-AVI-0850
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Server versions 26.0.x antérieures à 26.0.6 | ||
| Nextcloud | N/A | Nextcloud Talk versions 17.x antérieures à 17.1.1 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 24.0.x antérieures à 24.0.12.7 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 26.0.x antérieures à 26.0.6 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 23.0.x antérieures à 23.0.12.11 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 25.0.x antérieures à 25.0.11 | ||
| Nextcloud | N/A | Nextcloud Server versions 27.x antérieures à 27.1.0 | ||
| Nextcloud | N/A | Nextcloud Talk versions 16.0.x antérieures à 16.0.6 | ||
| Nextcloud | N/A | Nextcloud Mail versions 2.x antérieures à 2.2.8 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 22.0.x antérieures à 22.2.10.16 | ||
| Nextcloud | N/A | Nextcloud Calendar versions 1.x à 4.x antérieures à 4.4.4 | ||
| Nextcloud | N/A | Nextcloud Mail versions 3.x antérieures à 3.3.0 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 27.x antérieures à 27.1.0 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.11 | ||
| Nextcloud | N/A | Nextcloud Talk versions 15.0.x antérieures à 15.0.8 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 17.x ant\u00e9rieures \u00e0 17.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.12.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 23.0.x ant\u00e9rieures \u00e0 23.0.12.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 27.x ant\u00e9rieures \u00e0 27.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 16.0.x ant\u00e9rieures \u00e0 16.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail versions 2.x ant\u00e9rieures \u00e0 2.2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 22.0.x ant\u00e9rieures \u00e0 22.2.10.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Calendar versions 1.x \u00e0 4.x ant\u00e9rieures \u00e0 4.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail versions 3.x ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 27.x ant\u00e9rieures \u00e0 27.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 15.0.x ant\u00e9rieures \u00e0 15.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-45150",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45150"
},
{
"name": "CVE-2023-45148",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45148"
},
{
"name": "CVE-2023-45151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45151"
},
{
"name": "CVE-2023-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45149"
},
{
"name": "CVE-2023-45660",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45660"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45150 du 16 octobre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45148 du 16 octobre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45151 du 16 octobre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45149 du 16 octobre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqv"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45660 du 16 octobre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37"
}
],
"reference": "CERTFR-2023-AVI-0850",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNextcloud. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45150 du 16 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45151 du 16 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45148 du 16 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45149 du 16 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-45660 du 16 octobre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0845
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Nextcloud Server. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Server Entreprise versions 22.x.x.x antérieures à 22.2.10.14 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 26.x.x antérieures à 26.0.4 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 24.x.x.x antérieures à 24.0.12.5 | ||
| Nextcloud | N/A | Nextcloud Server versions 26.x.x antérieures à 26.0.4 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.x.x antérieures à 25.0.9 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 23.x.x.x antérieures à 23.0.12.9 | ||
| Nextcloud | N/A | Nextcloud Server Enterprise versions 25.x.x antérieures à 25.0.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Server Entreprise versions 22.x.x.x ant\u00e9rieures \u00e0 22.2.10.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 26.x.x ant\u00e9rieures \u00e0 26.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 24.x.x.x ant\u00e9rieures \u00e0 24.0.12.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 26.x.x ant\u00e9rieures \u00e0 26.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.x.x ant\u00e9rieures \u00e0 25.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 23.x.x.x ant\u00e9rieures \u00e0 23.0.12.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server Enterprise versions 25.x.x ant\u00e9rieures \u00e0 25.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-39960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39960"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0845",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans\u003cspan class=\"textit\"\u003e Nextcloud\nServer\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nextcloud Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-2hrc-5fgp-c9c9 du 13 octobre 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9"
}
]
}
CERTFR-2023-AVI-0649
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise Server versions 27.0.x antérieures à 27.0.1 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.0.x antérieures à 24.0.12.5 | ||
| Nextcloud | N/A | Nextcloud Notes versions antérieures à to 4.8.0 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 21.0.x antérieures à 21.0.9.13 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 23.0.x antérieures à 23.0.12.9 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.9 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 26.0.x antérieures à 26.0.4 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 22.0.x antérieures à 22.2.10.14 | ||
| Nextcloud | N/A | Nextcloud Server versions 27.0.x antérieures à 27.0.1 | ||
| Nextcloud | N/A | Nextcloud Server versions 26.0.x antérieures à 26.0.4 | ||
| Nextcloud | N/A | Application user_oidc app versions antérieures à 1.3.3 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 19.0.x antérieures à 19.0.13.10 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.9 | ||
| Nextcloud | N/A | Nextcloud Talk Android versions antérieures à 17.0.0 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 20.0.x antérieures à 20.0.14.15 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise Server versions 27.0.x ant\u00e9rieures \u00e0 27.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.12.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Notes versions ant\u00e9rieures \u00e0 to 4.8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 21.0.x ant\u00e9rieures \u00e0 21.0.9.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 23.0.x ant\u00e9rieures \u00e0 23.0.12.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 22.0.x ant\u00e9rieures \u00e0 22.2.10.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 27.0.x ant\u00e9rieures \u00e0 27.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Application user_oidc app versions ant\u00e9rieures \u00e0 1.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 19.0.x ant\u00e9rieures \u00e0 19.0.13.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk Android versions ant\u00e9rieures \u00e0 17.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 20.0.x ant\u00e9rieures \u00e0 20.0.14.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-39962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39962"
},
{
"name": "CVE-2023-39961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39961"
},
{
"name": "CVE-2023-39958",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39958"
},
{
"name": "CVE-2023-39963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39963"
},
{
"name": "CVE-2023-39954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39954"
},
{
"name": "CVE-2023-39957",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39957"
},
{
"name": "CVE-2023-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39955"
},
{
"name": "CVE-2023-39959",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39959"
},
{
"name": "CVE-2023-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39953"
},
{
"name": "CVE-2023-39952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39952"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0649",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNextcloud. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-6g88-37x7-4vw6 du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-g97r-8ffm-hfpj du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g97r-8ffm-hfpj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-vv27-g2hq-v48h du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vv27-g2hq-v48h"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-j4qm-5q5x-54m5 du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j4qm-5q5x-54m5"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-xx3h-v363-q36j du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xx3h-v363-q36j"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-xwxx-2752-w3xm du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xwxx-2752-w3xm"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-3f92-5c8p-f6gq du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3f92-5c8p-f6gq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-36f7-93f3-mcfj du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36f7-93f3-mcfj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-cq8w-v4fh-4rjq du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-cq8w-v4fh-4rjq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qhgm-w4gx-gvgp du 10 ao\u00fbt 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp"
}
]
}
CERTFR-2023-AVI-0485
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise Server versions 22.x antérieures à 22.2.10.12 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.x antérieures à 24.0.12.2 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 23.x antérieures à 23.0.12.7 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.7 | ||
| Nextcloud | N/A | Nextcloud Server versions 26.0.x antérieures à 26.0.2 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 26.0.x antérieures à 26.0.2 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 16.x à 19.x antérieures à 19.0.13.9 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 21.x antérieures à 21.0.9.12 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.7 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 20.x antérieures à 20.0.14.14 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise Server versions 22.x ant\u00e9rieures \u00e0 22.2.10.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 24.x ant\u00e9rieures \u00e0 24.0.12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 23.x ant\u00e9rieures \u00e0 23.0.12.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 16.x \u00e0 19.x ant\u00e9rieures \u00e0 19.0.13.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 21.x ant\u00e9rieures \u00e0 21.0.9.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 20.x ant\u00e9rieures \u00e0 20.0.14.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35927"
},
{
"name": "CVE-2023-35928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35928"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0485",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Nextcloud\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-h7f7-535f-7q87 du 22 juin 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-637g-xp2c-qh5h du 22 juin 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-637g-xp2c-qh5h"
}
]
}
CERTFR-2023-AVI-0482
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise Server versions 22.x antérieures à 22.2.10.12 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.x antérieures à 24.0.12.2 | ||
| Nextcloud | N/A | Nextcloud End-to-end encryption versions 1.12.x antérieures à 1.12.4 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 23.x antérieures à 23.0.12.7 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.7 | ||
| Nextcloud | N/A | Nextcloud Server versions 26.0.x antérieures à 26.0.2 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 21.0.x antérieures à 21.0.9.12 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 26.0.x antérieures à 26.0.2 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.7 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise Server versions 22.x ant\u00e9rieures \u00e0 22.2.10.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 24.x ant\u00e9rieures \u00e0 24.0.12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud End-to-end encryption versions 1.12.x ant\u00e9rieures \u00e0 1.12.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 23.x ant\u00e9rieures \u00e0 23.0.12.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 21.0.x ant\u00e9rieures \u00e0 21.0.9.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35171"
},
{
"name": "CVE-2023-35173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35173"
},
{
"name": "CVE-2023-32320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32320"
},
{
"name": "CVE-2023-35172",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35172"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0482",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Nextcloud\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-mjf5-p765-qmr6 du 22 juin 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-x7c7-v5r3-mg37 du 22 juin 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-h353-vvwv-j2r4 du 22 juin 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h353-vvwv-j2r4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qphh-6xh7-vffg du 22 juin 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qphh-6xh7-vffg"
}
]
}
CERTFR-2023-AVI-0410
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Nextcloud Serveur et Serveur Enterprise. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Serveur versions 24.0.x antérieures à 24.0.11 | ||
| Nextcloud | N/A | Nextcloud Serveur Enterprise versions 23.0.x antérieures à 23.0.12.6 | ||
| Nextcloud | N/A | Nextcloud Serveur versions 25.0.x antérieures à 25.0.6 | ||
| Nextcloud | N/A | Nextcloud Serveur versions 26.0.x antérieures à 26.0.1 | ||
| Nextcloud | N/A | Nextcloud Serveur Enterprise versions 25.0.x antérieures à 25.0.5 | ||
| Nextcloud | N/A | Nextcloud Serveur Enterprise versions 24.0.x antérieures à 24.0.12 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Serveur versions 24.0.x ant\u00e9rieures \u00e0 24.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Serveur Enterprise versions 23.0.x ant\u00e9rieures \u00e0 23.0.12.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Serveur versions 25.0.x ant\u00e9rieures \u00e0 25.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Serveur versions 26.0.x ant\u00e9rieures \u00e0 26.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Serveur Enterprise versions 25.0.x ant\u00e9rieures \u00e0 25.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Serveur Enterprise versions 24.0.x ant\u00e9rieures \u00e0 24.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-32319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32319"
},
{
"name": "CVE-2023-32318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32318"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0410",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eNextcloud Serveur et Serveur Enterprise\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-q8c4-chpj-6v38 du 24 mai 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-mr7q-xf62-fw54 du 24 mai 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54"
}
]
}
CERTFR-2023-AVI-0321
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Talk versions 15.0.x antérieures à 15.0.5 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.5 | ||
| Nextcloud | N/A | Nextcloud Files automated tagging app versions 1.14.x antérieures à 1.14.2 | ||
| Nextcloud | N/A | Nextcloud Files automated tagging app versions 1.13.x antérieures à 1.13.1 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.5 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.0.x antérieures à 24.0.11 | ||
| Nextcloud | N/A | Nextcloud Files automated tagging app versions 1.16.x antérieures à 1.16.1 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 23.0.12.x antérieures à 23.0.12.6 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.0.x antérieures à 24.0.11 | ||
| Nextcloud | N/A | Nextcloud Files automated tagging app versions 1.12.x antérieures à 1.12.1 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 21.0.9.x antérieures à 21.0.9.11 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 22.2.10.x antérieures à 22.2.10.11 | ||
| Nextcloud | N/A | Nextcloud Files automated tagging app versions 1.15.x antérieures à 1.15.3 | ||
| Nextcloud | N/A | Nextcloud Files automated tagging app versions 1.11.x antérieures à 1.11.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Talk versions 15.0.x ant\u00e9rieures \u00e0 15.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files automated tagging app versions 1.14.x ant\u00e9rieures \u00e0 1.14.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files automated tagging app versions 1.13.x ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files automated tagging app versions 1.16.x ant\u00e9rieures \u00e0 1.16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 23.0.12.x ant\u00e9rieures \u00e0 23.0.12.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files automated tagging app versions 1.12.x ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 21.0.9.x ant\u00e9rieures \u00e0 21.0.9.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 22.2.10.x ant\u00e9rieures \u00e0 22.2.10.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files automated tagging app versions 1.15.x ant\u00e9rieures \u00e0 1.15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files automated tagging app versions 1.11.x ant\u00e9rieures \u00e0 1.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-30540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30540"
},
{
"name": "CVE-2023-30539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30539"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0321",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eNextcloud\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-c9hr-cq65-9mjw du 17 avril 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c9hr-cq65-9mjw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-3m2f-v8x7-9w99 du 17 avril 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3m2f-v8x7-9w99"
}
]
}
CERTFR-2023-AVI-0280
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.0.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.0.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud Office app (richdocuments) versions 7.0.x antérieures à 7.0.2 | ||
| Nextcloud | N/A | Nextcloud Talk versions 14.0.x antérieures à 14.0.9 | ||
| Nextcloud | N/A | Nextcloud Office app (richdocuments) versions antérieures à 8.0.0-beta.1 | ||
| Nextcloud | N/A | Nextcloud Talk versions 15.0.x antérieures à 15.0.4 | ||
| Nextcloud | N/A | Nextcloud Office app (richdocuments) versions 6.3.x antérieures à 6.3.2 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.4 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.4 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Office app (richdocuments) versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 14.0.x ant\u00e9rieures \u00e0 14.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Office app (richdocuments) versions ant\u00e9rieures \u00e0 8.0.0-beta.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 15.0.x ant\u00e9rieures \u00e0 15.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Office app (richdocuments) versions 6.3.x ant\u00e9rieures \u00e0 6.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28845"
},
{
"name": "CVE-2023-28645",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28645"
},
{
"name": "CVE-2023-28844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28844"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0280",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Nextcloud\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-95j6-p5cj-5hh5 du 31 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-95j6-p5cj-5hh5"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-w47p-f66h-h2vj du 31 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w47p-f66h-h2vj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-3m6r-479j-4chf du 31 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3m6r-479j-4chf"
}
]
}
CERTFR-2023-AVI-0274
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité, une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Entreprise Server versions 23.x antérieures à 23.0.14 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.x antérieures à 25.0.4 | ||
| Nextcloud | N/A | Nextcloud Android app versions 3.7.x à 3.24.x antérieures à 3.24.1 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud iOS app versions 4.7.x antérieures à 4.7.0 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 24.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 25.x antérieures à 25.0.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Entreprise Server versions 23.x ant\u00e9rieures \u00e0 23.0.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Android app versions 3.7.x \u00e0 3.24.x ant\u00e9rieures \u00e0 3.24.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud iOS app versions 4.7.x ant\u00e9rieures \u00e0 4.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 24.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 25.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28643"
},
{
"name": "CVE-2023-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28835"
},
{
"name": "CVE-2023-28647",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28647"
},
{
"name": "CVE-2023-28646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28646"
},
{
"name": "CVE-2023-28644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28644"
},
{
"name": "CVE-2023-28833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28833"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0274",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eNextcloud\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-7w2p-rp9m-9xp9 du 30 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w2p-rp9m-9xp9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-wjgg-2v4p-2gq6 du 30 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-ch7f-px7m-hg25 du 30 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-hhq4-4pr8-wm27 du 30 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhq4-4pr8-wm27"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-c3rf-94h6-vj8v du 30 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3rf-94h6-vj8v"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-9wmj-gp8v-477j du 30 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j"
}
]
}
CERTFR-2023-AVI-0264
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Nextcloud Server. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.0.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 22.x antérieures à 22.2.10.10 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 23.x antérieures à 23.0.12.5 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 21.x antérieures à 21.0.9.10 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.4 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise Server versions 24.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 22.x ant\u00e9rieures \u00e0 22.2.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 23.x ant\u00e9rieures \u00e0 23.0.12.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 21.x ant\u00e9rieures \u00e0 21.0.9.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25817"
},
{
"name": "CVE-2023-25818",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25818"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0264",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eNextcloud Server\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nextcloud Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-v243-x6jc-42mp du 27 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v243-x6jc-42mp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-8v5c-f752-fgpv du 27 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8v5c-f752-fgpv"
}
]
}
CERTFR-2023-AVI-0249
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans NextCloud Server. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.0.x antérieures à 24.0.10 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 22.x antérieures à 22.2.10.10 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 23.x antérieures à 23.0.12.5 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 21.x antérieures à 21.0.9.10 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.4 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise Server versions 24.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 22.x ant\u00e9rieures \u00e0 22.2.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 23.x ant\u00e9rieures \u00e0 23.0.12.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 21.x ant\u00e9rieures \u00e0 21.0.9.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25820",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25820"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans NextCloud Server. Elle permet \u00e0\nun attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans NextCloud Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NextCloud GHSA-36g6-wjx2-333x du 21 mars 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36g6-wjx2-333x"
}
]
}
CERTFR-2023-AVI-0173
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Nextcloud Talk. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Talk versions 15.0.x ant\u00e9rieures \u00e0 15.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-26041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26041"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0173",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Nextcloud Talk. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nextcloud Talk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2023-26041 du 27 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-r755-v4jf"
}
]
}
CERTFR-2023-AVI-0170
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les Nextcloud. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Server versions ultérieures à 24.0.4 antérieures à 24.0.7 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 25.0.x antérieures à 25.0.3 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.0.x antérieures à 25.0.3 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions ultérieures à 24.0.4 antérieures à 24.0.7 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Server versions ult\u00e9rieures \u00e0 24.0.4 ant\u00e9rieures \u00e0 24.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.0.x ant\u00e9rieures \u00e0 25.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions ult\u00e9rieures \u00e0 24.0.4 ant\u00e9rieures \u00e0 24.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25816"
},
{
"name": "CVE-2023-25821",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25821"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud\u00a0GHSA-53q2-cm29-7j83 du 24 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-53q2-cm29-7j83"
}
],
"reference": "CERTFR-2023-AVI-0170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les \u003cspan\nclass=\"textit\"\u003eNextcloud.\u003c/span\u003e Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-53q2-cm29-7j83 du 24 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-7w6h-5qgw-4j94 du 24 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5qgw-4j94"
}
]
}
CERTFR-2023-AVI-0159
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Nextcloud Serveur. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | NextCloud Serveur versions 25.x antérieures à 25.0.2 | ||
| Nextcloud | N/A | NextCloud Serveur (Entreprise) versions 24.0.x antérieures à 24.0.8 | ||
| Nextcloud | N/A | NextCloud Serveur versions 24.x antérieures à 24.0.8 | ||
| Nextcloud | N/A | NextCloud Serveur (Entreprise) versions 23.0.x antérieures à 23.0.12 | ||
| Nextcloud | N/A | NextCloud Serveur (Entreprise) versions 20.0.x antérieures à 20.0.14.12 | ||
| Nextcloud | N/A | NextCloud Serveur versions 23.x antérieures à 23.0.12 | ||
| Nextcloud | N/A | NextCloud Serveur (Entreprise) versions 21.0.x antérieures à 21.0.9.10 | ||
| Nextcloud | N/A | NextCloud Serveur (Entreprise) versions 22.2.x antérieures à 22.2.10.10 | ||
| Nextcloud | N/A | NextCloud Serveur (Entreprise) versions 25.0.x antérieures à 25.0.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NextCloud Serveur versions 25.x ant\u00e9rieures \u00e0 25.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur (Entreprise) versions 24.0.x ant\u00e9rieures \u00e0 24.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur versions 24.x ant\u00e9rieures \u00e0 24.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur (Entreprise) versions 23.0.x ant\u00e9rieures \u00e0 23.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur (Entreprise) versions 20.0.x ant\u00e9rieures \u00e0 20.0.14.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur versions 23.x ant\u00e9rieures \u00e0 23.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur (Entreprise) versions 21.0.x ant\u00e9rieures \u00e0 21.0.9.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur (Entreprise) versions 22.2.x ant\u00e9rieures \u00e0 22.2.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud Serveur (Entreprise) versions 25.0.x ant\u00e9rieures \u00e0 25.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25579"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0159",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eNextcloud\u003c/span\u003e Serveur. Elle permet \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nextcloud Serveur",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-273v-9h7x-p68v du 22 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-273v-9h7x-p68v"
}
]
}
CERTFR-2023-AVI-0117
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Mail versions 1.12.x antérieures à 1.12.9 | ||
| Nextcloud | N/A | Nextcloud Office (Richdocuments) App versions 6.0.0 à 6.3.0 antérieures à 6.3.1 | ||
| Nextcloud | N/A | Nextcloud Mail versions 1.14.x antérieures à 1.14.5 | ||
| Nextcloud | N/A | Nextcloud Server et Nextcloud Enterprise Server versions 24.0.x antérieures à 24.0.8 | ||
| Nextcloud | N/A | Nextcloud Server et Nextcloud Enterprise Server version 25.0.0 antérieure à 25.0.1 | ||
| Nextcloud | N/A | Nextcloud Mail versions 1.11.x antérieures à 1.11.8 | ||
| Nextcloud | N/A | Nextcloud Server et Nextcloud Enterprise Server versions 23.0.x antérieures à 23.0.12 | ||
| Nextcloud | N/A | Nextcloud Office (Richdocuments) App version 7.0.0 antérieure à 7.0.1 | ||
| Nextcloud | N/A | Nextcloud Mail versions 2.2.x antérieures à 2.2.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Mail versions 1.12.x ant\u00e9rieures \u00e0 1.12.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Office (Richdocuments) App versions 6.0.0 \u00e0 6.3.0 ant\u00e9rieures \u00e0 6.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail versions 1.14.x ant\u00e9rieures \u00e0 1.14.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server et Nextcloud Enterprise Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server et Nextcloud Enterprise Server version 25.0.0 ant\u00e9rieure \u00e0 25.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail versions 1.11.x ant\u00e9rieures \u00e0 1.11.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server et Nextcloud Enterprise Server versions 23.0.x ant\u00e9rieures \u00e0 23.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Office (Richdocuments) App version 7.0.0 ant\u00e9rieure \u00e0 7.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail versions 2.2.x ant\u00e9rieures \u00e0 2.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25161"
},
{
"name": "CVE-2023-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25162"
},
{
"name": "CVE-2023-25159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25159"
},
{
"name": "CVE-2023-25160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25160"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 13 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 13 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 13 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-492h-596q-xr2f"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 13 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92g2-h5jv-jjmg"
}
],
"reference": "CERTFR-2023-AVI-0117",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eNextcloud\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-92g2-h5jv-jjmg du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-492h-596q-xr2f du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-mqrx-grp7-244m du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-m45f-r5gh-h6cx du 13 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0104
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Nextcloud. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud office/richdocuments versions 3.8.x antérieures à 3.8.7 | ||
| Nextcloud | N/A | Nextcloud office/richdocuments versions 4.2.x antérieures à 4.2.9 | ||
| Nextcloud | N/A | Nextcloud office/richdocuments versions 6.3.x antérieures à 6.3.2 | ||
| Nextcloud | N/A | Nextcloud office/richdocuments versions 7.0.x antérieures à 7.0.2 | ||
| Nextcloud | N/A | Nextcloud office/richdocuments versions 5.0.x antérieures à 5.0.10 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud office/richdocuments versions 3.8.x ant\u00e9rieures \u00e0 3.8.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud office/richdocuments versions 4.2.x ant\u00e9rieures \u00e0 4.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud office/richdocuments versions 6.3.x ant\u00e9rieures \u00e0 6.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud office/richdocuments versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud office/richdocuments versions 5.0.x ant\u00e9rieures \u00e0 5.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25150",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25150"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 08 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj"
}
],
"reference": "CERTFR-2023-AVI-0104",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eNextcloud\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-64xc-r58v-53gj du 08 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0096
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Desktop client versions 3.6.x ant\u00e9rieures \u00e0 3.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Mail app versions 2.2.x ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23944"
},
{
"name": "CVE-2023-23942",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23942"
},
{
"name": "CVE-2023-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23943"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 06 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 06 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 06 f\u00e9vrier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg"
}
],
"reference": "CERTFR-2023-AVI-0096",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eNextcloud\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-64qc-vf6v-8xgg du 06 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-g86r-x755-93f4 du 06 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-8gcx-r739-9pf6 du 06 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0011
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Server et Nextcloud Enterprise Server versions antérieures à 23.0.10 | ||
| Nextcloud | N/A | Nextcloud Talk Android app versions antérieures à 15.0.2 | ||
| Nextcloud | N/A | Nextcloud Server et Nextcloud Enterprise Server versions 24.0.x antérieures à 24.0.6 | ||
| Nextcloud | N/A | Nextcloud app Deck versions antérieures à 1.8.2 | ||
| Nextcloud | N/A | Nextcloud app Suspicious Login versions antérieures à 1.13.9 | ||
| Nextcloud | N/A | Nextcloud Desktop versions antérieures à 3.6.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Server et Nextcloud Enterprise Server versions ant\u00e9rieures \u00e0 23.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk Android app versions ant\u00e9rieures \u00e0 15.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server et Nextcloud Enterprise Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud app Deck versions ant\u00e9rieures \u00e0 1.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud app Suspicious Login versions ant\u00e9rieures \u00e0 1.13.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Desktop versions ant\u00e9rieures \u00e0 3.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22473",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22473"
},
{
"name": "CVE-2023-22472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22472"
},
{
"name": "CVE-2023-22470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22470"
},
{
"name": "CVE-2023-22471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22471"
},
{
"name": "CVE-2023-22469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22469"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0011",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNextcloud. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud du 09 janvier 2023",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wvr4-gc4c-6vmx"
}
]
}
CERTFR-2022-AVI-1073
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits NextCloud. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Entreprise Server versions 24.x antérieures à 24.0.7 | ||
| Nextcloud | N/A | Nextcloud Server versions 23.x antérieures à 23.0.11 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 25.x antérieures à 25.0.1 | ||
| Nextcloud | N/A | Nextcloud Talk versions 12.x antérieures à 12.2.8 | ||
| Nextcloud | N/A | Nextcloud Talk versions 13.x antérieures à 13.0.10 | ||
| Nextcloud | N/A | Nextcloud Server versions 25.x antérieures à 25.0.1 | ||
| Nextcloud | N/A | Nextcloud Talk versions 14.x antérieures à 14.0.6 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 23.x antérieures à 23.0.11 | ||
| Nextcloud | N/A | Nextcloud Talk versions 15.x antérieures à 15.0 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.x antérieures à 24.0.7 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Entreprise Server versions 24.x ant\u00e9rieures \u00e0 24.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 23.x ant\u00e9rieures \u00e0 23.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 25.x ant\u00e9rieures \u00e0 25.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 12.x ant\u00e9rieures \u00e0 12.2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 13.x ant\u00e9rieures \u00e0 13.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 25.x ant\u00e9rieures \u00e0 25.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 14.x ant\u00e9rieures \u00e0 14.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 23.x ant\u00e9rieures \u00e0 23.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 15.x ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.x ant\u00e9rieures \u00e0 24.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41968"
},
{
"name": "CVE-2022-41971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41971"
},
{
"name": "CVE-2022-41969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41969"
},
{
"name": "CVE-2022-41970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41970"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1073",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNextCloud. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NextCloud",
"vendor_advisories": [
{
"published_at": null,
"title": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c du 01 d\u00e9cembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NextCloud GHSA-m92j-xxc8-hq3v du 01 d\u00e9cembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NextCloud GHSA-4gm7-j7wg-m4fx du 01 d\u00e9cembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4"
},
{
"published_at": null,
"title": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4 du 01 d\u00e9cembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wx6w-xpg9-6fv4"
}
]
}
CERTFR-2022-AVI-1057
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Talk Android versions ant\u00e9rieures \u00e0 14.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "user_oidc versions ant\u00e9rieures \u00e0 v1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Desktop versions ant\u00e9rieures \u00e0 3.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39338"
},
{
"name": "CVE-2022-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39331"
},
{
"name": "CVE-2022-39334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39334"
},
{
"name": "CVE-2022-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39333"
},
{
"name": "CVE-2022-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39332"
},
{
"name": "CVE-2022-41926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41926"
},
{
"name": "CVE-2022-39339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39339"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1057",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNextcloud. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39333 du 25 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39338 du 25 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5fpw-795h-rg57"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39334 du 25 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39339 du 25 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39332 du 25 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39331 du 25 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-41926 du 25 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-564v-3rfc-352m"
}
]
}
CERTFR-2022-AVI-1026
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Nextcloud Desktop. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Desktop versions 3.6.x ant\u00e9rieures \u00e0 3.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41882"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1026",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Nextcloud Desktop. Elle permet \u00e0\nun attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nextcloud Desktop",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-41882 du 11 novembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63"
}
]
}
CERTFR-2022-AVI-970
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Nextcloud Server. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise 23.0.x Server versions antérieures à 23.0.9 | ||
| Nextcloud | N/A | Nextcloud Enterprise 24.0.x Server versions antérieures à 24.0.5 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions antérieures à 22.2.10.5 | ||
| Nextcloud | N/A | Nextcloud Server versions antérieures à 23.0.9 | ||
| Nextcloud | N/A | Nextcloud Server 24.0.x versions antérieures à 24.0.5 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise 23.0.x Server versions ant\u00e9rieures \u00e0 23.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise 24.0.x Server versions ant\u00e9rieures \u00e0 24.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions ant\u00e9rieures \u00e0 22.2.10.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions ant\u00e9rieures \u00e0 23.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server 24.0.x versions ant\u00e9rieures \u00e0 24.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-39364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39364"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39364 du 27 octobre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpf5-jj85-36h5"
}
],
"reference": "CERTFR-2022-AVI-970",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Nextcloud Server. Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nextcloud Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39364 du 27 octobre 2022",
"url": null
}
]
}
CERTFR-2022-AVI-961
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Nextcloud Server. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Entreprise Server versions antérieures à 23.0.10 | ||
| Nextcloud | N/A | Nextcloud Server versions antérieures à 23.0.10 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.x antérieures à 24.0.6 | ||
| Nextcloud | N/A | Nextcloud Entreprise Server versions 24.x antérieures à 24.0.5 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Entreprise Server versions ant\u00e9rieures \u00e0 23.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions ant\u00e9rieures \u00e0 23.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.x ant\u00e9rieures \u00e0 24.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Entreprise Server versions 24.x ant\u00e9rieures \u00e0 24.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-39330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39330"
},
{
"name": "CVE-2022-39329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39329"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39330 du 27 octobre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wxx7-w5p4-7x4c"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39329 du 27 octobre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rcm5-mrg3"
}
],
"reference": "CERTFR-2022-AVI-961",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Nextcloud Server.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nextcloud Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39330 du 27 octobre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud CVE-2022-39329 du 27 octobre 2022",
"url": null
}
]
}
CERTFR-2022-AVI-829
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | N/A | Nextcloud Enterprise Server versions 23.0.x antérieures à 23.0.8 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 24.0.x antérieures à 24.0.4 | ||
| Nextcloud | N/A | Nextcloud Enterprise Server versions 22.2.x antérieures à 22.2.11 | ||
| Nextcloud | N/A | Nextcloud Files Access Control versions 1.13.x antérieures à 1.13.1 | ||
| Nextcloud | N/A | Nextcloud Android versions antérieures à 3.21.0 | ||
| Nextcloud | N/A | Nextcloud Files Access Control versions 1.12.x antérieures à 1.12.2 | ||
| Nextcloud | N/A | Nextcloud Server versions 24.0.x antérieures à 24.0.4 | ||
| Nextcloud | N/A | Nextcloud Talk versions 13.0.x antérieures à 13.0.8 | ||
| Nextcloud | N/A | Nextcloud Talk versions 14.0.x antérieures à 14.0.4 | ||
| Nextcloud | N/A | Nextcloud Files Access Control versions 1.14.x antérieures à 1.14.1 | ||
| Nextcloud | N/A | Nextcloud Server versions 23.0.x antérieures à 23.0.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nextcloud Enterprise Server versions 23.0.x ant\u00e9rieures \u00e0 23.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Enterprise Server versions 22.2.x ant\u00e9rieures \u00e0 22.2.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files Access Control versions 1.13.x ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Android versions ant\u00e9rieures \u00e0 3.21.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files Access Control versions 1.12.x ant\u00e9rieures \u00e0 1.12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 24.0.x ant\u00e9rieures \u00e0 24.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 13.0.x ant\u00e9rieures \u00e0 13.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Talk versions 14.0.x ant\u00e9rieures \u00e0 14.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Files Access Control versions 1.14.x ant\u00e9rieures \u00e0 1.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Nextcloud Server versions 23.0.x ant\u00e9rieures \u00e0 23.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-39210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39210"
},
{
"name": "CVE-2022-39211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39211"
},
{
"name": "CVE-2022-36075",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36075"
},
{
"name": "CVE-2022-36074",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36074"
},
{
"name": "CVE-2022-39212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39212"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-829",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNextcloud. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-wq3g-2x46-q2gv du 16 septembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wq3g-2x46-q2gv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-vw2w-gpcv-v39f du 15 septembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-vqgm-f748-g76v du 15 septembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vqgm-f748-g76v"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-vw2w-gpcv-v39f du 16 septembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-4m73-g7v7-v62w du 15 septembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-rmf9-w497-8cq8 du 16 septembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8"
}
]
}
CERTFR-2022-AVI-788
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Nextcloud. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NextCloud versions 22.2.x ant\u00e9rieures \u00e0 22.2.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud versions 23.0.x ant\u00e9rieures \u00e0 23.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "NextCloud versions 24.0.x ant\u00e9rieures \u00e0 24.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35931"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-788",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Nextcloud. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nextcloud",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-c7mw-9q4r-8qwr du 1 septembre 2022",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr"
}
]
}