Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues:
Security issues fixed:
- CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018 boo#1171579).
- CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices of other users (NC-SA-2020-019 boo#1171572).
-
Submitted by
Eric Schirra (ecsos)
Fixed bugs
bnc#1171572
VUL-1: CVE-2020-8155: Cross-site scripting vulnerability when opening a malicious PDF
bnc#1171579
VUL-0: CVE-2020-8154: nextcloud: remote wipe of devices of other users via a malicious request directly to the endpoint
