Carlschwan

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 20.0.14 Nextcloud Server versions prior to 21.0.6 Nextcloud Server versions prior to 22.2.1 **Description** The Nextcloud server is a self-hosted system designed to provide cloud-style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people and setting advanced permissions on subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. **Recommendations** For versions prior to 20.0.14, upgrade to 20.0.14. For versions prior to 21.0.6, upgrade to 21.0.6. For versions prior to 22.2.1, upgrade to 22.2.1. Users unable to upgrade should disable the groupfolders application in the admin settings.