Fortinet Discovers Nextcloud Insufficient Input Validation Vulnerability
Fortinet's FortiGuard Labs has discovered an insufficient input validation vulnerability in Nextcloud.
Nextcloud is a suite of client-server software for creating file hosting services.
An insufficient input validation vulnerability has been discovered in Nextcloud before 12.0.3 and 11.0.5. Improper validation of user input allows an attacker to keep their actions from being recorded in the audit log.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability:
Released May 30, 2017
Users should apply the solution provided by Nextcloud.
Fortinet reported the vulnerability to Nextcloud on May 26, 2017.
Nextcloud confirmed the vulnerability on May 27, 2017.
Nextcloud patched the vulnerability on September 20, 2017.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.