Juliushaertl

**Name of the Vulnerable Software and Affected Versions** Nextcloud Office versions prior to 7.0.2 Nextcloud Office versions prior to 6.3.2 Nextcloud Office versions prior to 5.0.10 Nextcloud Office versions prior to 4.2.9 Nextcloud Office versions prior to 3.8.7 **Description** The Collabora integration in Nextcloud Office can be tricked into providing access to any file without proper permission validation, allowing any user with access to Collabora to obtain the content of other users' files. **Recommendations** Update the Nextcloud Office App (Collabora Integration) to version 7.0.2 for Nextcloud 25. Update the Nextcloud Office App (Collabora Integration) to version 6.3.2 for Nextcloud 24. Update the Nextcloud Office App (Collabora Integration) to version 5.0.10 for Nextcloud 23. Update the Nextcloud Office App (Collabora Integration) to version 4.2.9 for Nextcloud 21-22. Update the Nextcloud Office App (Collabora Integration) to version 3.8.7 for Nextcloud 15-20.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 24.0.7 Nextcloud Server versions prior to 25.0.1 **Description** The issue affects Nextcloud Server, an open source personal cloud server, where disabled download shares still allow download through preview images. This means images could be downloaded and previews of documents, specifically the first page, can be downloaded without being watermarked. **Recommendations** For versions prior to 24.0.7, update to version 24.0.7 or later to resolve the issue. For versions prior to 25.0.1, update to version 25.0.1 or later to resolve the issue.