FreeBSD : Nextcloud -- multiple vulnerabilities (afa018d9-8557-11ea-a5e2-d4c9ef517024)

high Nessus Plugin ID 135945

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Nextcloud reports :

XSS in Files PDF viewer (NC-SA-2020-019)

Missing ownership check on remote wipe endpoint (NC-SA-2020-018)

Solution

Update the affected package.

See Also

https://nextcloud.com/security/advisories/

https://nextcloud.com/security/advisory/?id=NC-SA-2020-018

https://nextcloud.com/security/advisory/?id=NC-SA-2020-019

http://www.nessus.org/u?bfc40bef

Plugin Details

Severity: High

ID: 135945

File Name: freebsd_pkg_afa018d9855711eaa5e2d4c9ef517024.nasl

Version: 1.1

Type: local

Published: 4/24/2020

Updated: 4/24/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nextcloud, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/23/2020

Vulnerability Publication Date: 3/18/2020