Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36075

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue

Published

2022-09-15T22:15:11.387

Last Modified

2024-11-21T07:12:19.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.6 (LOW)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	files_access_control	< 1.12.2	Yes
Application	nextcloud	files_access_control	1.13.0	Yes
Application	nextcloud	files_access_control	1.14.0	Yes

References

https://github.com/nextcloud/files_accesscontrol/pull/248 Patch, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w Third Party Advisory ([email protected])
https://github.com/nextcloud/files_accesscontrol/pull/248 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)