Ro0Telqayser

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 23.0.7 Nextcloud Server versions prior to 24.0.3 Nextcloud Enterprise Server versions prior to 22.2.11 Nextcloud Enterprise Server versions prior to 23.0.7 Nextcloud Enterprise Server versions prior to 24.0.3 **Description** The Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the `Authorization` header on HTTP downgrade. This can lead to account access exposure and compromise. **Recommendations** For Nextcloud Server versions prior to 23.0.7, upgrade to 23.0.7 or 24.0.3. For Nextcloud Server versions prior to 24.0.3, upgrade to 24.0.3. For Nextcloud Enterprise Server versions prior to 22.2.11, upgrade to 22.2.11, 23.0.7 or 24.0.3. For Nextcloud Enterprise Server versions prior to 23.0.7, upgrade to 23.0.7 or 24.0.3. For Nextcloud Enterprise Server versions prior to 24.0.3, upgrade to 24.0.3. As a temporary workaround, consider disabling the use of the `Authorization` header in HTTP downgrades until a patch is available.