>>61491859
>>61491516
Germanfag here, this is the mail my (pretty big) hoster got for its OC users
Dear Sir or Madam,
ownCloud and Nextcloud are software suites for running self-hosted
cloud instances for data synchronization and sharing.
The German company Nextcloud GmbH performed scans for installations
of ownCloud and Nextcloud openly accessible from the Internet.
This way, a larger number of cloud instances running with outdated
and vulnerable versions of the software were identified.
The vulnerabilities can be exploited to gain unauthorized access
to the data stored in the cloud. Attackers could potentially get
access to sensitive information like private documents, photos or
customer data from companies and subsequently publish this
information on the Internet or utilize it for criminal activities
like blackmailing. Other vulnerabilities can be exploited to
execute arbitrary code on the cloud server and potentially lead
to a full compromise of the system and its abuse for further
criminal activities.
Nextcloud GmbH provided CERT-Bund with the results of their tests
for assistance with the notification of affected parties.
Please find below a list of affected systems hosted on your network.
The timestamp (timezone UTC) indicates when the vulnerable cloud
installation was identified. Additionally, each record includes
a risk level and an individual ID (UUID).
Nextcloud GmbH provides detailed information on the vulnerabilities
identified with each cloud instance at:
https://scan.nextcloud.com/results/[UUID]
The parameter [UUID] needs to be replaced with the UUID provided
for the respective system.
We would like to ask you to check these issues and take appropriate
action to update the cloud installations on the affected systems
or notify your customers accordingly. Software updates fixing the
reported problems are available for all reported vulnerabilities.
Of course, Nextcloud GmbH is interested in getting ownCloud users to switch ...