Robottod

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 **Description** The issue concerns default share permissions not being respected for federated reshares of files and folders in Nextcloud Server. **Recommendations** For versions prior to 19.0.13, update to version 19.0.13 or later. For versions prior to 20.0.11, update to version 20.0.11 or later. For versions prior to 21.0.3, update to version 21.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 **Description** The issue is related to a lack of ratelimiting on the public share link mount endpoint, which may have allowed an attacker to enumerate potentially valid share tokens. There are no known workarounds or mentions of real-world incidents where this issue was exploited. **Recommendations** For versions prior to 19.0.13, update to version 19.0.13 or later. For versions prior to 20.0.11, update to version 20.0.11 or later. For versions prior to 21.0.3, update to version 21.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud iOS versions prior to 3.4.2 **Description** The issue arises when searches for sharees utilize the lookup server by default, instead of only on the local Nextcloud server, unless a global search has been explicitly chosen by the user. This leads to an information disclosure. **Recommendations** For Nextcloud iOS versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue.