Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2 setup process, and can be accessed by any user with access to the database until the OAuth setup is complete. An attacker could use this vulnerability to obtain sensitive information.Read More