PT-2022-23163 · Nextcloud · Nextcloud Files Access Control App

Nickvergessen

·

Published

2022-09-15

·

Updated

2022-09-19

·

CVE-2022-36075

CVSS v3.1

2.6

Low

VectorAV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Nextcloud Files Access Control app versions prior to 1.12.2 Nextcloud Files Access Control app versions prior to 1.13.1 Nextcloud Files Access Control app versions prior to 1.14.1
Description The Nextcloud Files Access Control app has an issue where users with limited access can see file names in certain cases where they do not have the privilege to do so.
Recommendations For versions prior to 1.12.2, upgrade to 1.12.2. For versions prior to 1.13.1, upgrade to 1.13.1. For versions prior to 1.14.1, upgrade to 1.14.1.

Exploit

Fix

Improper Privilege Management

Information Disclosure

Weakness Enumeration

CWE-269CWE-200

Related Identifiers

CVE-2022-36075
GHSA-4M73-G7V7-V62W

Affected Products

Nextcloud Files Access Control App