Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.
CPE | Name | Operator | Version |
---|---|---|---|
nextcloud_server | lt | 12.0.8 | |
nextcloud_server | ge | 13.0.0 | |
nextcloud_server | lt | 13.0.3 |