PT-2021-22474 · Nextcloud · Nextcloud Richdocuments

Lukas Reschke · Published 2021-10-25 · Updated 2021-10-29 · CVE-2021-39223

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Richdocuments versions prior to 3.8.6 and 4.2.3

Description

The Nextcloud Richdocuments application returned verbatim exception messages to the user, which could result in a full path disclosure on shared files. For example, an attacker could see that the file shared.txt is located within /files/$username/Myfolder/Mysubfolder/shared.txt.

Recommendations

For versions prior to 3.8.6, upgrade to version 3.8.6. For versions prior to 4.2.3, upgrade to version 4.2.3. As a temporary workaround, consider disabling the Richdocuments application in the app settings.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-39223
GHSA-RJCC-4CGJ-6V93

Affected Products

Nextcloud Richdocuments