Summary
Security updates have been released that resolve several vulnerabilities in Nextcloud Server, an open source cloud storage platform, including two rated ‘high’ severity. If exploited, these vulnerabilities could allow an attacker to circumvent security mechanisms and access confidential information on target systems.
Risk
Estimated impact of the vulnerability on the target community: HIGH/ORANGE (69.87/100) [1].
Type
- Security Restriction Bypass
- Information Disclosure
Affected products and versions
Nextcloud Server
- 26.0.0, versions prior to 26.0.13
- 27.0.0, versions prior to 27.1.8
- 28.0.0, versions prior to 28.0.4
Mitigation Actions
In line with vendor statements, it is recommended to promptly update the product to the latest available version.
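To find which of your own instances still need the update, the following added example (not part of the original advisory or of Nextcloud's code) reads the JSON that `occ status --output=json` or `status.php` returns and compares `versionstring` with the affected ranges listed above. Hostnames and status documents are constructed, and each range is assumed to mean "from the first listed version up to, but not including, the fixed version".

```python
import json

# Affected ranges from this advisory, per branch: (first listed, first fixed).
AFFECTED = {
    26: ((26, 0, 0), (26, 0, 13)),
    27: ((27, 0, 0), (27, 1, 8)),
    28: ((28, 0, 0), (28, 0, 4)),
}

# Constructed sample inventory: hostnames and status documents are made up.
SAMPLE = {
    "cloud-a.example.internal": '{"installed":true,"versionstring":"28.0.3"}',
    "cloud-b.example.internal": '{"installed":true,"versionstring":"27.1.8"}',
    "cloud-c.example.internal": '{"installed":true,"versionstring":"26.0.12"}',
    "cloud-d.example.internal": '{"installed":true,"versionstring":"25.0.13"}',
    "cloud-e.example.internal": "<html>Maintenance mode</html>",
}


def parse_version(text):
    """Turn '28.0.3' into (28, 0, 3); short strings are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(status_json):
    """Return (verdict, detail) for one instance's status document."""
    try:
        version = parse_version(json.loads(status_json)["versionstring"])
    except (ValueError, KeyError, TypeError, AttributeError):
        # Not JSON, no versionstring, or a non-numeric label: do not guess.
        return "unknown", "status output could not be parsed"
    bounds = AFFECTED.get(version[0])
    if bounds is None:
        return "not-listed", "branch %d is not covered by this advisory" % version[0]
    first_listed, first_fixed = bounds
    fixed = ".".join(map(str, first_fixed))
    if first_listed <= version < first_fixed:
        return "affected", "update to %s or later" % fixed
    return "fixed", "at or above %s" % fixed


def audit(inventory):
    """Map each host to its verdict so 'affected' and 'unknown' can be triaged."""
    return {host: classify(doc)[0] for host, doc in inventory.items()}


if __name__ == "__main__":
    for host, doc in SAMPLE.items():
        print(host, *classify(doc))
```

Instances reported as `unknown` or `not-listed` need a manual check, since the advisory says nothing about branches other than 26, 27 and 28.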
Unique Vulnerability Identifiers
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jjm3-j9xh-5xmq
https://github.com/nextcloud/security-advisories/security
[1] This estimate takes into account several parameters, including CVSS, availability of patches/workarounds and PoCs, and prevalence of the affected software/devices in the relevant community.