3 matches found
CVE-2023-25159
CVE-2023-25159 affects Nextcloud Server and related components. Technical details from PT Security show the issue resides in OCFilesNodeFolder::getFullPath(), where improper validation/normalization can allow crafted paths to escape a user’s space, potentially overwriting other users’ data. Affec...
CVE-2023-25821
Nextcloud CVE-2023-25821 describes an Improper Access Control in Nextcloud Server prior to 24.0.7 and 25.0.1 where the Secure view for internal shares can be bypassed if reshare permissions are granted. Affected versions are 24.0.4–24.0.6 and 25.0.0–25.0.0 (and other lines indicate similar ranges...
CVE-2023-28844
CVE-2023-28844 affects Nextcloud Server; an access-control error allows users who should not download a file to retrieve an older version and distribute it. Affected versions were prior to 24.0.10 and prior to 25.0.4. The issue is mitigated by upgrading to Nextcloud Server 24.0.10 or 25.0.4 (or l...