Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advanced permissions is not respected for subfolders in Nextcloud server
Vulnerability Description
Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the "groupfolders" application in the admin settings.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud server 存在安全漏洞,该漏洞源于Nextcloud的groupfolders应用程序允许与一群人共享一个文件夹。Nextcloud server是一个自托管系统,旨在提供云风格的服务。此外,该漏洞允许攻击者对子文件夹设置“advanced permissions”,例如,用户可以被授予对groupfolders的访问权限,但不能被授予对特定子文件夹的访问权限。由于受影响的版本缺乏权限检
CVSS Information
N/A
Vulnerability Type
N/A