Senamaud

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 26.0.12 Nextcloud Server versions prior to 27.1.7 Nextcloud Server versions prior to 28.0.3 Nextcloud Enterprise Server versions prior to 26.0.12 Nextcloud Enterprise Server versions prior to 27.1.7 Nextcloud Enterprise Server versions prior to 28.0.3 **Description** The issue is related to inadequate access control in the Nextcloud Server, a self-hosted personal cloud system. This allows a malicious user with read permissions to send delete requests for old versions of files they were shared with, potentially leading to a denial of service. **Recommendations** Upgrade Nextcloud Server to version 26.0.12 or 27.1.7 or 28.0.3. Upgrade Nextcloud Enterprise Server to version 26.0.12 or 27.1.7 or 28.0.3.

**Name of the Vulnerable Software and Affected Versions** Nextcloud server versions prior to 24.0.10 Nextcloud server versions prior to 25.0.4 **Description** The issue affects Nextcloud server, an open source home cloud implementation, where users who should not have download permissions can still download an older version of a file and use it for uncontrolled distribution. **Recommendations** For versions prior to 24.0.10, upgrade to version 24.0.10 or later. For versions prior to 25.0.4, upgrade to version 25.0.4 or later.