Vulnerability Information
Vulnerability Title
Full path of data directory exposed to Nextcloud server users
Vulnerability Description
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
Improper cross-boundary removal of sensitive data
Vulnerability Title
Nextcloud information disclosure vulnerability
Vulnerability Description
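Nextcloud is an open-source, self-hosted file sync and share and communication application platform from Nextcloud, a German company. Nextcloud has an information disclosure vulnerability, which stems from a user being able to obtain the full data directory path of the Nextcloud server from an API endpoint.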
CVSS Information
N/A
Vulnerability Type
N/A