Lucene search
CtulhuH1:1781751HistoryNov 22, 2022 - 8:46 p.m.
Nextcloud: Ability to control the filename when uploading a logo or favicon on theming
2022-11-2220:46:30
ctulhu
hackerone.com
11
nextcloud
theming
filename control
logo
favicon
attacker
path disclosure
webapp
bug bounty
security issue
EPSS
0.002
Percentile
53.8%
Summary:
Hello,
When uploading a logo or favicon the filename can be controlled by attacker since the key can be modified which serves as the filename.
{F2044799}
{F2044800}
{F2044798}
Due to an error the path is also disclosed
{F2044802}
Steps To Reproduce:
[add details for how we can reproduce the issue]
- go to
http://localhost/settings/admin/theming - upload a logo or favicon
- intercept the request using burp
- modify the key
Impact
The attacker can upload any files directly in the webapp and path disclosure. Combining both information can be useful in later attacks.
Related
nextcloud
nextcloud
nvd
nvd
CVE-2023-28833
2023-03-30 19:15:06
cve
cve
CVE-2023-28833
2023-03-30 19:15:06
osv
osv
CVE-2023-28833
2023-03-30 19:15:06
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-03-30 19:15:00
openvas
openvas
redos
redos
ROS-20230418-01
2023-04-18 00:00:00