Impact
Due to a file traversal vulnerability, an attacker is able to download arbitrary SVG images from the host system, including user-provided files.
This could also be leveraged into an XSS/phishing attack: an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated by the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript.
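The defensive check that closes this class of bug is to confine any user-supplied SVG name to an allow-listed base directory before touching the filesystem. The following is an added example (not Nextcloud's code, and not the actual fix shipped in the patched releases); the base directory and file names are assumed for illustration. It normalises the path lexically and then uses `os.path.commonpath`, which also rejects the sibling-directory prefix confusion (`img` vs `img_private`) that a naive `startswith` check would miss.

```python
import os
from pathlib import Path

# Assumed location of bundled SVG icons (illustrative; not a real Nextcloud path
# from this advisory).
ICON_BASE = Path("/var/www/nextcloud/core/img")


class TraversalError(ValueError):
    """Raised when a requested name would escape the allowed base directory."""


def resolve_svg_path(base: Path, requested: str) -> Path:
    """Map a user-supplied SVG name onto a path strictly inside `base`.

    Lexical normalisation only: we do not need the file to exist to decide
    whether the request is acceptable, and we never follow symlinks here.
    """
    if not requested.lower().endswith(".svg"):
        raise TraversalError("only .svg files may be served")
    if "\x00" in requested:
        raise TraversalError("NUL byte in path")

    # pathlib replaces the base when `requested` is absolute ("/etc/x.svg"),
    # and normpath collapses "..", so both cases end up outside `base` below.
    candidate = os.path.normpath(base / requested)

    # commonpath, not str.startswith: "/a/img_private" starts with "/a/img"
    # but its common path with "/a/img" is "/a", so it is correctly rejected.
    try:
        common = os.path.commonpath([str(base), candidate])
    except ValueError:  # e.g. mixing drive letters on Windows
        raise TraversalError("path outside base directory") from None
    if common != str(base):
        raise TraversalError(f"path outside base directory: {requested!r}")

    return Path(candidate)


def is_safe_svg_request(requested: str, base: Path = ICON_BASE) -> bool:
    """Boolean convenience wrapper used by the checks below."""
    try:
        resolve_svg_path(base, requested)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample requests: two benign, the rest traversal attempts.
    samples = [
        "actions/edit.svg",                       # ok
        "actions/../places/home.svg",             # ok: stays under base
        "../../data/admin/files/secret.svg",      # escapes into user data
        "/etc/ssl/private/key.svg",               # absolute path
        "../img_private/internal.svg",            # sibling-prefix confusion
        "actions/edit.png",                       # wrong type
    ]
    for name in samples:
        print(f"{name!r:45} -> {'allowed' if is_safe_svg_request(name) else 'rejected'}")
```

Usage: call `resolve_svg_path(ICON_BASE, name)` in the request handler and only open the returned `Path`; anything that raises `TraversalError` should be answered with a 404 and logged, since repeated rejections from one client are a useful detection signal for traversal probing.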
Patches
It is recommended that the Nextcloud Server is upgraded to 20.0.13, 21.0.5 or 22.2.0.
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory: