{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Nextcloud ist eine \"on-premise\" Plattform für Dateifreigabe und Zusammenarbeit.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Nextcloud ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um einen SQL-Injection Angriff durchzuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1517 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1517.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1517 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1517" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-mp6x-g55j-w9jw vom 2026-05-12", "url" : "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mp6x-g55j-w9jw" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-q4fw-6jf8-5vhh vom 2026-05-12", "url" : "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q4fw-6jf8-5vhh" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-vvxm-6jjp-m9mp vom 2026-05-12", "url" : "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-x43f-gmgh-vvjj vom 2026-05-12", "url" : "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x43f-gmgh-vvjj" } ], "source_lang" : "en-US", "title" : "Nextcloud: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-01T22:00:00.000+00:00", "generator" : { "date" : "2026-06-02T07:07:35.725+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1517", "initial_release_date" : "2026-05-12T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-05-12T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-06-01T22:00:00.000+00:00", "number" : "2", "summary" : "Referenz(en) aufgenommen: EUVD-2026-33718, EUVD-2026-33715, EUVD-2026-33714, EUVD-2026-33713" } ], "status" : "final", "version" : "2" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "Forms <5.2.7", "product" : { "name" : "Nextcloud Nextcloud Forms <5.2.7", "product_id" : "T053993" } }, { "category" : "product_version", "name" : "Forms 5.2.7", "product" : { "name" : "Nextcloud Nextcloud Forms 5.2.7", "product_id" : "T053993-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:forms__5.2.7" } } }, { "category" : "product_version_range", "name" : "Tables <1.0.4", "product" : { "name" : "Nextcloud Nextcloud Tables <1.0.4", "product_id" : "T053994" } }, { "category" : "product_version", "name" : "Tables 1.0.4", "product" : { "name" : "Nextcloud Nextcloud Tables 1.0.4", "product_id" : "T053994-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:tables__1.0.4" } } }, { "category" : "product_version_range", "name" : "Tables <2.0.0", "product" : { "name" : "Nextcloud Nextcloud Tables <2.0.0", "product_id" : "T053995" } }, { "category" : "product_version", "name" : "Tables 2.0.0", "product" : { "name" : "Nextcloud Nextcloud Tables 2.0.0", "product_id" : "T053995-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:tables__2.0.0" } } }, { "category" : "product_version_range", "name" : "Tables <0.7.7", "product" : { "name" : "Nextcloud Nextcloud Tables <0.7.7", "product_id" : "T053996" } }, { "category" : "product_version", "name" : "Tables 0.7.7", "product" : { "name" : "Nextcloud Nextcloud Tables 0.7.7", "product_id" : "T053996-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:tables__0.7.7" } } }, { "category" : "product_version_range", "name" : "Tables <0.8.10", "product" : { "name" : "Nextcloud Nextcloud Tables <0.8.10", "product_id" : "T053997" } }, { "category" : "product_version", "name" : "Tables 0.8.10", "product" : { "name" : "Nextcloud Nextcloud Tables 0.8.10", "product_id" : "T053997-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:tables__0.8.10" } } }, { "category" : "product_version_range", "name" : "Tables <0.9.8", "product" : { "name" : "Nextcloud Nextcloud Tables <0.9.8", "product_id" : "T053998" } }, { "category" : "product_version", "name" : "Tables 0.9.8", "product" : { "name" : "Nextcloud Nextcloud Tables 0.9.8", "product_id" : "T053998-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:tables__0.9.8" } } }, { "category" : "product_version_range", "name" : "Server <33.0.3", "product" : { "name" : "Nextcloud Nextcloud Server <33.0.3", "product_id" : "T053999" } }, { "category" : "product_version", "name" : "Server 33.0.3", "product" : { "name" : "Nextcloud Nextcloud Server 33.0.3", "product_id" : "T053999-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:server__33.0.3" } } }, { "category" : "product_version_range", "name" : "Server <32.0.9", "product" : { "name" : "Nextcloud Nextcloud Server <32.0.9", "product_id" : "T054000" } }, { "category" : "product_version", "name" : "Server 32.0.9", "product" : { "name" : "Nextcloud Nextcloud Server 32.0.9", "product_id" : "T054000-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:server__32.0.9" } } }, { "category" : "product_version_range", "name" : "Enterprise Server <33.0.3", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server <33.0.3", "product_id" : "T054001" } }, { "category" : "product_version", "name" : "Enterprise Server 33.0.3", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server 33.0.3", "product_id" : "T054001-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:enterprise_server__33.0.3" } } }, { "category" : "product_version_range", "name" : "Enterprise Server <32.0.9", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server <32.0.9", "product_id" : "T054002" } }, { "category" : "product_version", "name" : "Enterprise Server 32.0.9", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server 32.0.9", "product_id" : "T054002-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:enterprise_server__32.0.9" } } }, { "category" : "product_version_range", "name" : "Enterprise Server <31.0.14.5", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server <31.0.14.5", "product_id" : "T054003" } }, { "category" : "product_version", "name" : "Enterprise Server 31.0.14.5", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server 31.0.14.5", "product_id" : "T054003-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:enterprise_server__31.0.14.5" } } }, { "category" : "product_version_range", "name" : "Enterprise Server <30.0.17.9", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server <30.0.17.9", "product_id" : "T054004" } }, { "category" : "product_version", "name" : "Enterprise Server 30.0.17.9", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server 30.0.17.9", "product_id" : "T054004-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:enterprise_server__30.0.17.9" } } }, { "category" : "product_version_range", "name" : "Enterprise Server <29.0.16.16", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server <29.0.16.16", "product_id" : "T054005" } }, { "category" : "product_version", "name" : "Enterprise Server 29.0.16.16", "product" : { "name" : "Nextcloud Nextcloud Enterprise Server 29.0.16.16", "product_id" : "T054005-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:nextcloud:nextcloud:enterprise_server__29.0.16.16" } } } ], "category" : "product_name", "name" : "Nextcloud" } ], "category" : "vendor", "name" : "Nextcloud" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-45543", "product_status" : { "known_affected" : [ "T053993" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-45543" }, { "cve" : "CVE-2026-45544", "product_status" : { "known_affected" : [ "T053998", "T053996", "T053997", "T053994", "T053995" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-45544" }, { "cve" : "CVE-2026-45545", "product_status" : { "known_affected" : [ "T053998", "T053996", "T053997", "T053994", "T053995" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-45545" }, { "cve" : "CVE-2026-45691", "product_status" : { "known_affected" : [ "T054002", "T054001", "T054000", "T053999", "T054005", "T054004", "T054003" ] }, "release_date" : "2026-05-12T22:00:00.000+00:00", "title" : "CVE-2026-45691" } ] }