Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
All users can reset the allowed apps list for Nextcloud Guest App users
Vulnerability Description
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
权限预留不恰当
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud guests存在安全漏洞,该漏洞源于所有用户都可以为来宾用户重置应用列表。受影响的产品和版本:Nextcloud guests 2.4.0及更高版本,2.5.0及更高版本,3.0.0及更高版本。
CVSS Information
N/A
Vulnerability Type
N/A