Ausnahme gefangen: SSL certificate problem: certificate is not yet valid ๐Ÿ“Œ Nextcloud: Default Nextcloud allows http federated shares
Team IT Security Nachrichtenportal Logo

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security
RSS Feed Symbol fรผr Team IT Security 800+ IT News als RSS Feed abonnieren



๐Ÿ“š Nextcloud: Default Nextcloud allows http federated shares


๐Ÿ’ก Newskategorie: Sicherheitslรผcken
๐Ÿ”— Quelle: vulners.com


image
userA on serverA runs on http only userA sends a federated share to userB on serverB userB is a normal user so he has no clue that there is no secure transport used and accepts the share all the data written to and read from is now no longer protected by TLS Impact While maybe a bit far fetched. But this would allow for man in the middle attacks. Nextcloud just seems to allow plain http communication by default. It is in my opinion not sensible at all to expect end users to know the difference here. I propose: Allow only https by default (certificates are easy and cheap these days) If it is for local debugging then only allow http when debugging If really needed for some edge case make this explicit opt in in... ...



Sharing is caring on Social Media

๐Ÿ”— Reddit
๐Ÿ”— Telegram
๐Ÿ”— LinkedIn
๐Ÿ”— Xing
๐Ÿ”— Twitter
๐Ÿ”— Whatsapp
๐Ÿ”— Facebook
๐Ÿ”— Flipboard

Join the Team IT Security Community

๐Ÿ”— "IT Sicherheit" Reddit-Gruppe
๐Ÿ”— "IT Sicherheit" Telegramm-Seite

๐Ÿ“Œ Nextcloud: Default Nextcloud allows http federated shares


๐Ÿ“ˆ 70.35 Punkte

๐Ÿ“Œ Nextcloud: Unexpected federated shares added via public link


๐Ÿ“ˆ 39.85 Punkte

๐Ÿ“Œ Federated learning with TensorFlow Federated (TF World '19)


๐Ÿ“ˆ 35.63 Punkte

๐Ÿ“Œ Kollaborationsserver: Owncloud 10.2 verbessert Federated Shares


๐Ÿ“ˆ 30.06 Punkte

๐Ÿ“Œ Kollaborationsserver: Owncloud 10.2 verbessert Federated Shares


๐Ÿ“ˆ 30.06 Punkte

๐Ÿ“Œ Nextcloud: Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist


๐Ÿ“ˆ 29.56 Punkte

๐Ÿ“Œ Nextcloud Server up to 19.0.10/20.0.9/21.0.1 Federated Share information disclosure


๐Ÿ“ˆ 27.61 Punkte

๐Ÿ“Œ Nextcloud Server up to 19.0.10/20.0.9/21.0.1 Federated Share information disclosure


๐Ÿ“ˆ 27.61 Punkte

๐Ÿ“Œ CVE-2022-31120 | Nextcloud Server up to 22.2.6/23.0.3 Federated Share insufficient logging (GHSA-9qvg-7fwg-722x)


๐Ÿ“ˆ 27.61 Punkte

๐Ÿ“Œ What is Issue of Shares? Types of Shares, Advantages and Disadvantages


๐Ÿ“ˆ 24.49 Punkte

๐Ÿ“Œ Nextcloud: Disabled download shares still allow download through preview images


๐Ÿ“ˆ 22.04 Punkte

๐Ÿ“Œ Buho allows you to take quick notes and have them synced using your NextCloud account. You can use it on an Android or Linux phone and have the notes available also on your Windows or Linux desktop PC. More info and packages on the Maui Weekly blog p


๐Ÿ“ˆ 19.77 Punkte

๐Ÿ“Œ Nextcloud: Authentication bypass in Global Site Selector allows an attacker to log in as any user


๐Ÿ“ˆ 19.77 Punkte

๐Ÿ“Œ Nextcloud: IDOR allows me to mark devices of another user for remote wipe out


๐Ÿ“ˆ 19.77 Punkte

๐Ÿ“Œ Nextcloud: Allows any user to share their "Root" level folder by sharing "."


๐Ÿ“ˆ 19.77 Punkte

๐Ÿ“Œ Nextcloud and Canonical Introduce Nextcloud Box to Create Your Own Private Cloud


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud Talk: Videokonferenzen fรผr Nextcloud vorgestellt


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud: Content Spoofing /Text Injection in https://docs.nextcloud.com


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud and ONLYOFFICE are doing a webinar on collaborative editing in Nextcloud environment on Nov 20th


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ KDE and Nextcloud Developers Discuss Integration of Nextcloud in KDE Plasma


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud and Canonical Introduce Nextcloud Box to Create Your Own Private Cloud


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ KDE and Nextcloud Developers Discuss Integration of Nextcloud in KDE Plasma


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud: Vulnerable W3 Total Cache plugin version in use on nextcloud.com


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud Hub: Version 18 der Nextcloud wird zur ausgewachsenen Groupware


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud Hub: Version 18 der Nextcloud wird zur ausgewachsenen Groupware


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud wird zu ยปNextcloud Hubยซ


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ News: Nextcloud wird zu ยปNextcloud Hubยซ


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Low CVE-2020-8117: Nextcloud Nextcloud server


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud: Some HTML Tags are Getting Executed in com.nextcloud.client


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Nextcloud: Nextcloud Clickjacking Vulnerability


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Medium CVE-2019-15623: Nextcloud Nextcloud server


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Low CVE-2019-15618: Nextcloud Nextcloud server


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Low CVE-2020-8120: Nextcloud Nextcloud


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Low CVE-2020-8119: Nextcloud Nextcloud server


๐Ÿ“ˆ 19.58 Punkte

๐Ÿ“Œ Low CVE-2020-8139: Nextcloud Nextcloud server


๐Ÿ“ˆ 19.58 Punkte











matomo

Kontakt

24/7 kontakt@tsecurity.de

Weitere Informationen

Google Android Playstore Download Button fรผr Team IT Security
๐Ÿ”— Impressum
๐Ÿ”— Datenschutz
Paypal Spenden fรผr Projekt

Social Media

๐Ÿ”— Facebook
๐Ÿ”— Reddit
๐Ÿ”— Team IT Security als Elektron App
๐Ÿ”— © 2015-2023 Team IT Security Nachrichtenportal รผber Cybersecurity
๐Ÿ”— CMS "myDraft" a PHP Portal Software