RSS   Vulnerabilities for 'Officeonline'   RSS

2021-10-25
 
CVE-2021-39224

NVD-CWE-noinfo
 

 
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings.

 

 >>> Vendor: Nextcloud 18 Products
MAIL
Desktop
TALK
Server
NEWS
Calendar
Nextcloud
Nextcloud server
Lookup-server
Circles
DECK
Group folders
Nextcloud mail
Contacts
Preferred providers
Social
Richdocuments
Officeonline


Copyright 2024, cxsecurity.com

 

Back to Top