CVE-2022-36075

Опубликовано: 15 сент. 2022

Источник: nvd

CVSS3: 2.6

CVSS3: 4.3

EPSS Низкий

Описание

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue

Ссылки

https://github.com/nextcloud/files_accesscontrol/pull/248
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w
Third Party Advisory
https://github.com/nextcloud/files_accesscontrol/pull/248
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:files_access_control:*:*:*:*:*:*:*:*

Версия до 1.12.2 (исключая)

cpe:2.3:a:nextcloud:files_access_control:1.13.0:*:*:*:*:*:*:*

cpe:2.3:a:nextcloud:files_access_control:1.14.0:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00157

Низкий

2.6 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

CWE-269

EPSS

Процентиль: 37%

0.00157

Низкий

2.6 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

CWE-269