Описание
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- Permissions Required
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Permissions Required
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.0.13 (исключая)Версия от 20.0.0 (включая) до 20.0.11 (исключая)Версия от 21.0.0 (включая) до 21.0.3 (исключая)
Одно из
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00274
Низкий
3.1 Low
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
CWE-209
Связанные уязвимости
CVSS3: 3.1
debian
около 4 лет назад
Nextcloud Server is a Nextcloud package that handles data storage. In ...
EPSS
Процентиль: 51%
0.00274
Низкий
3.1 Low
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
CWE-209