PT-2023-22766 · Nextcloud+1 · Nextcloud Server+3

Maximelehericy · Published 2023-03-27 · Updated 2023-04-27 · CVE-2023-30539

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Nextcloud Server versions prior to 24.0.11
Nextcloud Server versions prior to 25.0.5
Nextcloud Enterprise Server versions prior to 21.0.9.11
Nextcloud Enterprise Server versions prior to 22.2.10.11
Nextcloud Enterprise Server versions prior to 23.0.12.6
Nextcloud Enterprise Server versions prior to 24.0.11
Nextcloud Enterprise Server versions prior to 25.0.5
Nextcloud Files automated tagging app versions prior to 1.11.1
Nextcloud Files automated tagging app versions prior to 1.12.1
Nextcloud Files automated tagging app versions prior to 1.13.1
Nextcloud Files automated tagging app versions prior to 1.14.2
Nextcloud Files automated tagging app versions prior to 1.15.3
Nextcloud Files automated tagging app versions prior to 1.16.1

Description

Nextcloud is a personal home server system. Depending on how tags and other workflows are set up, this issue can be used to limit the access of others or to grant them access when system tag-based file access control or file retention rules are in place.

Recommendations

For Nextcloud Server versions prior to 24.0.11, upgrade to 24.0.11 or 25.0.5.
For Nextcloud Enterprise Server versions prior to 21.0.9.11, upgrade to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5.
For Nextcloud Files automated tagging app versions prior to 1.11.1, upgrade to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1.
For users unable to upgrade, disable all workflow-related apps.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1517
ALT-PU-2023-1547
CVE-2023-30539
GHSA-3M2F-V8X7-9W99

Affected Products

Alt Linux
Nextcloud Enterprise Server
Nextcloud Files Automated Tagging App
Nextcloud Server