Federated editing allows iframing remote servers by default

Low
julien-nc published GHSA-94hr-7g4v-f53r Jun 2, 2022

Package

richdocuments (Nextcloud)

Affected versions

< 5.0.4, < 4.2.6

Patched versions

6.0.0, 5.0.4, 4.2.6

Description

Impact

An attacker could trick a user into working against a remote Office server by sending them a federated share.

Patches

It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 6.0.0, 5.0.4 or 4.2.6.

Workarounds

No workaround is available.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2022-31024

Weaknesses