Exception logging in Sharepoint app reveals clear-text connection details

Disclosed: 2022-11-26 12:46:33 By kichernde_erbse To nextcloud

Medium

Vulnerability Details

## Summary: On Exceptions thrown in the context of the SharePoint app, connection credentials may be written to the Nextcloud log in clear text. ## Steps To Reproduce: Attempt to configure a sharepoint mount in an erroneous way. ## Supporting Material/References: * was files publically: https://github.com/nextcloud/sharepoint/issues/141 ## Impact When an attacker gets hold of the nextcloud log, they may gain knowledge of credentials to connect to a SharePoint service.

Actions

View on HackerOne

Report Stats

Report ID: 1652903
State: Closed
Substate: resolved
Upvotes: 4

Exception logging in Sharepoint app reveals clear-text connection details

Vulnerability Details

Actions

Report Stats

Share this report