Nextcloud richdocuments 7.0.0 Beta 2

CPE Details

Nextcloud richdocuments 7.0.0 Beta 2
nextcloud
richdocuments
7.0.0
2023-02-16
13h59 +00:00
2023-02-21
14h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nextcloud:richdocuments:7.0.0:beta2:*:*:*:*:*:*

Informations

Vendor

nextcloud

Product

richdocuments

Version

7.0.0

Update

beta2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-28645 2023-03-31 22h08 +00:00 Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.
6.5
Medium
CVE-2023-25150 2023-02-08 19h15 +00:00 Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.
5.8
Medium