Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Vulnerability Description
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
侵犯隐私
Vulnerability Title
Nextcloud Server 安全漏洞
Vulnerability Description
Nextcloud Server是Nextcloud开源的一个Nextcloud服务器程序。 Nextcloud Server存在安全漏洞,该漏洞源于联系人搜索功能访问控制不当,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A