Описание
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.19.5 (исключая)Версия от 0.20.0 (включая) до 0.20.11 (исключая)Версия от 0.21.0 (включая) до 0.21.4 (исключая)
Одно из
cpe:2.3:a:nextcloud:circles:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:circles:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:circles:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00327
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639
CWE-639
EPSS
Процентиль: 55%
0.00327
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639
CWE-639