Lucene search
China National Vulnerability DatabaseCNVD-2022-20692HistoryMar 10, 2022 - 12:00 a.m.
Nextcloud server authorization issue vulnerability (CNVD-2022-20692)
2022-03-1000:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.001 Low
EPSS
Percentile
33.2%
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an authorization issue that stems from a lack of permission checking for specific subfiles. An attacker could exploit this vulnerability to gain unauthorized access to these subfolders by copying the group folder to another location.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Nextcloud Nextcloud Server | lt | 20.0.14 | |
| Nextcloud Nextcloud Server | eq | 22.2.0 | |
| Nextcloud Nextcloud Server >=21.0.0, | lt | 21.0.6 |
Related
osv
osv
CVE-2021-41241
2022-03-08 19:15:07
nvd
nvd
CVE-2021-41241
2022-03-08 19:15:07
prion
prion
Design/Logic Flaw
2022-03-08 19:15:00
cve
cve
CVE-2021-41241
2022-03-08 19:15:07
nextcloud
nextcloud
Groupfolders advanced permissions is not obeyed for subfolders
2022-03-08 16:13:01
cvelist
cvelist
suse
suse
Security update for nextcloud (moderate)
2022-03-23 00:00:00
Security update for nextcloud (moderate)
2022-03-31 00:00:00
nessus
nessus
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2022:0098-1)
2022-04-01 00:00:00
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
2022-08-16 00:00:00
openvas
openvas
gentoo
gentoo
Nextcloud: Multiple Vulnerabilities
2022-08-10 00:00:00