Description

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue

Related CPE's

a

nextcloud

files_access_control

3

References

https://github.com/nextcloud/files_accesscontrol/pull/248

PatchThird Party Advisory

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-269

[email protected]

Secondary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-09-15T22:15:11.387

2 years ago

Last modified

2022-09-19T19:16:07.370

2 years ago