
File Traversal affecting SVG files on Nextcloud Server

High
LukasReschke published GHSA-jp9c-vpr3-m5rf Oct 25, 2021

Package

Server (Nextcloud)

Affected versions

< 20.0.13, < 21.0.5, < 22.2.0

Patched versions

20.0.13, 21.0.5, 22.2.0

Description

Impact

Due to a file traversal vulnerability, an attacker is able to download arbitrary SVG images from the host system, including user-provided files.

This could also be leveraged into an XSS/phishing attack: an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated by the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript.
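As an added illustration from the defender's side (example code, not Nextcloud's own): the containment check a file-serving endpoint needs so that a client-supplied path cannot reach files outside the storage root, together with the response headers that keep an uploaded SVG from executing script in the browser. The storage layout, the function names and the request strings below are constructed for the example; the CSP value is one reasonable choice, not the policy Nextcloud ships.

```python
"""Added example (not Nextcloud's code): path-containment check for a file-serving
endpoint plus safe response headers for user-uploaded SVG. All names are hypothetical."""
import posixpath
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    """Raised when a requested path would leave the storage root."""


def resolve_under_root(root: Path, requested: str) -> Path:
    """Map a client-supplied relative path onto `root`, refusing anything that escapes it.

    Two checks are needed: a lexical one on the raw request, so escape attempts are
    rejected (and can be logged) rather than silently rewritten, and one on the
    resolved path, so a symlink inside the root cannot point outside it.
    """
    if "\x00" in requested:
        raise TraversalError("NUL byte in requested path")
    # Normalise separators and collapse "." / ".." segments lexically.
    rel = posixpath.normpath(requested.replace("\\", "/"))
    if rel.startswith("/") or rel == ".." or rel.startswith("../"):
        raise TraversalError(f"request escapes root: {requested!r}")
    root_real = root.resolve()
    candidate = (root_real / rel).resolve()  # follows symlinks
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise TraversalError(f"resolved path escapes root: {requested!r}") from None
    return candidate


def svg_response_headers() -> dict:
    """Headers for serving user-uploaded SVG: no script may run, no MIME sniffing."""
    return {
        "Content-Type": "image/svg+xml",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
        "X-Content-Type-Options": "nosniff",
    }


def demo() -> dict:
    """Run the check against a constructed storage root; returns the outcome per request."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "data"
        (root / "alice" / "files").mkdir(parents=True)
        (root / "alice" / "files" / "logo.svg").write_text("<svg/>")
        outside = Path(tmp) / "secret.svg"          # a file outside the root
        outside.write_text("<svg/>")
        (root / "alice" / "link.svg").symlink_to(outside)
        requests = [
            "alice/files/logo.svg",              # legitimate request
            "alice/files/../../../secret.svg",   # lexical escape via ".."
            "/secret.svg",                       # absolute path
            "alice/link.svg",                    # symlink pointing outside the root
        ]
        for req in requests:
            try:
                outcomes[req] = resolve_under_root(root, req).name
            except TraversalError:
                outcomes[req] = "rejected"
    return outcomes


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request!r:40} -> {outcome}")
```

The lexical check alone is not enough: a symlink created inside the root (or a bind mount) resolves outside it, which is why the resolved path is compared against the resolved root as well. Serving the SVG with a script-free Content-Security-Policy is the same mitigation the advisory credits for reducing the XSS impact of a maliciously uploaded file.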

Patches

It is recommended that the Nextcloud Server is upgraded to 20.0.13, 21.0.5 or 22.2.0.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2021-41178

Credits