VYPR

richdocuments

by Nextcloud

CVEs (7)

  • CVE-2023-28645Mar 31, 2023
    risk 0.00cvss epss 0.01

    Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the…

  • CVE-2023-25150Feb 8, 2023
    risk 0.00cvss epss 0.01

    Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the…

  • CVE-2022-31024Jun 2, 2022
    risk 0.00cvss epss 0.01

    richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and…

  • CVE-2021-39223Oct 25, 2021
    risk 0.00cvss epss 0.01

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see…

  • CVE-2021-37629Sep 7, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud…

  • CVE-2021-37628Sep 7, 2021
    risk 0.00cvss epss 0.02

    Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share.…

  • CVE-2021-32748Jul 27, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP…