Fernandoenzo

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 26.0.13 Nextcloud Server versions prior to 27.1.8 Nextcloud Server versions prior to 28.0.4 Nextcloud Enterprise Server versions prior to 26.0.13 Nextcloud Enterprise Server versions prior to 27.1.8 Nextcloud Enterprise Server versions prior to 28.0.4 **Description** A recipient of a share with read and share permissions could reshare the item with more permissions. This issue is related to the sending of requests to delete old versions of files that could only be obtained with read permissions. Exploitation of this issue may allow a remote attacker to impact data integrity or cause a denial of service. **Recommendations** For Nextcloud Server versions prior to 26.0.13, upgrade to version 26.0.13 or later. For Nextcloud Server versions prior to 27.1.8, upgrade to version 27.1.8 or later. For Nextcloud Server versions prior to 28.0.4, upgrade to version 28.0.4 or later. For Nextcloud Enterprise Server versions prior to 26.0.13, upgrade to version 26.0.13 or later. For Nextcloud Enterprise Server versions prior to 27.1.8, upgrade to version 27.1.8 or later. For Nextcloud Enterprise Server versions prior to 28.0.4, upgrade to version 28.0.4 or later.