It’s possible to fully access the user’s nextcloud files on Nextcloud App iOS by using the Files app on iPhone.
Proof of Concept: #
- Download the nextcloud iOS app
- Login your account
- set a passcode
- Open the files app then go to > Browse
- Under the locations pick nextcloud
- click turn on
References #
- https://hackerone.com/reports/1847368
- https://nvd.nist.gov/vuln/detail/CVE-2023-28647
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6