nextcloud_abuse_letter

1. Dear,
2.  
3. OwnCloud and Nextcloud are software suites for running self-hosted cloud
4. instances for data synchronization and sharing.
5.  
6. Recently a German company has performed security scans for installations of
7. ownCloud and Nextcloud openly accessible from the Internet. There have been
8. Owncloud and Nextcloud instances discovered within your network which
9. contain security vulnerabilities. We are contacting you because you are
10. listed as the abuse contact for this network.
11.  
12. The German company has provided detailed information on the vulnerabilities
13. which have been identified within each cloud instance at:
14. https://scan.nextcloud.com/results/{UUID}
15.  
16. The parameter {UUID} needs to be replaced with the UUID provided with the
17. cloud instance mentioned in the provided CSV report.
18.  
19. We would like to ask you to notify the owners of the affected systems.
20. Software updates fixing the vulnerabilities are publicly available.
21.  
22. In case of questions on the tests performed by the German company please
23. reach out to <###########@nextcloud.com>.
24.  
25. Please find attached a CSV list of affected systems hosted on your network.
26. The timestamp (timezone UTC) indicates when the vulnerable cloud
27. installation was identified. Additionally, each record includes a risk
28. level and an individual ID (UUID).