Maccs

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 27.1.9 Nextcloud Server versions prior to 28.0.5 Nextcloud Server versions prior to 29.0.0 Nextcloud Enterprise Server versions prior to 21.0.9.18 Nextcloud Enterprise Server versions prior to 22.2.10.23 Nextcloud Enterprise Server versions prior to 23.0.12.18 Nextcloud Enterprise Server versions prior to 24.0.12.14 Nextcloud Enterprise Server versions prior to 25.0.13.9 Nextcloud Enterprise Server versions prior to 26.0.13.3 **Description** The issue is related to incorrect access control in Nextcloud Server, allowing a remote attacker to access confidential information. Specifically, after a user receives a share with blocked files, they can still copy the intermediate folder, potentially accessing the blocked files depending on user access control rules. **Recommendations** Upgrade Nextcloud Server to version 27.1.9 or later. Upgrade Nextcloud Server to version 28.0.5 or later. Upgrade Nextcloud Server to version 29.0.0 or later. Upgrade Nextcloud Enterprise Server to version 21.0.9.18 or later. Upgrade Nextcloud Enterprise Server to version 22.2.10.23 or later. Upgrade Nextcloud Enterprise Server to version 23.0.12.18 or later. Upgrade Nextcloud Enterprise Server to version 24.0.12.14 or later. Upgrade Nextcloud Enterprise Server to version 25.0.13.9 or later. Upgrade Nextcloud Enterprise Server to version 26.0.13.3 or later. As a temporary workaround, consider restricting access to shared folders with blocked files until the upgrade is applied.