Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)
Discription

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2 setup process, and can be accessed by any user with access to the database until the OAuth setup is complete. An attacker could use this vulnerability to obtain sensitive information.Read More

Back to Main

Subscribe for the latest news: