nextcloud-22.1.1-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11087 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z nextcloud-22.1.1-1.2 on GA media These are all security issues fixed in the nextcloud-22.1.1-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11087 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11087 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-3762/ SUSE CVE CVE-2018-3762 page https://www.suse.com/security/cve/CVE-2020-8154/ SUSE CVE CVE-2020-8154 page https://www.suse.com/security/cve/CVE-2020-8155/ SUSE CVE CVE-2020-8155 page https://www.suse.com/security/cve/CVE-2020-8183/ SUSE CVE CVE-2020-8183 page openSUSE Tumbleweed nextcloud-22.1.1-1.2 nextcloud-apache-22.1.1-1.2 nextcloud-22.1.1-1.2 as a component of openSUSE Tumbleweed nextcloud-apache-22.1.1-1.2 as a component of openSUSE Tumbleweed Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. CVE-2018-3762 openSUSE Tumbleweed:nextcloud-22.1.1-1.2 openSUSE Tumbleweed:nextcloud-apache-22.1.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3762.html CVE-2018-3762 https://bugzilla.suse.com/1100343 SUSE Bug 1100343 An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. CVE-2020-8154 openSUSE Tumbleweed:nextcloud-22.1.1-1.2 openSUSE Tumbleweed:nextcloud-apache-22.1.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-8154.html CVE-2020-8154 https://bugzilla.suse.com/1171579 SUSE Bug 1171579 An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. CVE-2020-8155 openSUSE Tumbleweed:nextcloud-22.1.1-1.2 openSUSE Tumbleweed:nextcloud-apache-22.1.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-8155.html CVE-2020-8155 https://bugzilla.suse.com/1171572 SUSE Bug 1171572 A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. CVE-2020-8183 openSUSE Tumbleweed:nextcloud-22.1.1-1.2 openSUSE Tumbleweed:nextcloud-apache-22.1.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-8183.html CVE-2020-8183 https://bugzilla.suse.com/1178384 SUSE Bug 1178384