Is NextCloud server vulnerable to this new jquery file upload vulnerability (CVE-2018-9206)?

[user23498723452]

Is NextCloud server vulnerable to this jquery file upload vulnerability? In my brief testing it does not appear to be, but I want to be sure ... more than I want to collect a bug bounty.

https://www.bleepingcomputer.com/news/security/jquery-file-upload-plugin-vulnerable-for-8-years-and-only-hackers-knew/

https://github.com/lcashdol/Exploits/blob/master/CVE-2018-9206/

https://github.com/blueimp/jQuery-File-Upload/wiki/Security

NC separates the uploaded file path from the uri and presumably prevents execution in this manner. Not to mention that NC seems to require authentication. So, at worst a privilege escalation issue. I tested the exploit locally and it failed. At the very least the uri/path to anything of concern in nextcloud is different.

I think this file is the affected component and is a vulnerable version:

https://github.com/nextcloud/server/blob/master/apps/files/js/jquery.fileupload.js

Here is the path I can locate the source js at on my server:

~website/apps/files/js/jquery.fileupload.js

But I have not figured if the same vulnerability is exposed.

[nextcloud-bot]

GitMate.io thinks possibly related issues are #5438 (Nextcloud won't upload larger files), #7622 (NextCloud Server Listener ), #8753 (Nextcloud server is not cleaning old uploads entries), #6223 (Unable to upload files to NextCloud), and #3402 (Hook for after uploading a new file).

[rullzer]

Feel free to report such issue to our hackerone program :)
Anyway. No Nextcloud is not affected. This was a bug in the php code of the plugin which we do not use.

Thanks for reporting :)