漏洞标题
在 Nextcloud 服务器中的子文件夹的高级权限未 respected
漏洞描述信息
Nextcloud服务器中,子文件夹的高级权限未得到尊重
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
Advanced permissions is not respected for subfolders in Nextcloud server
漏洞描述信息
Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the "groupfolders" application in the admin settings.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
漏洞类别
授权机制不正确
漏洞标题
Nextcloud 安全漏洞
漏洞描述信息
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud server 存在安全漏洞,该漏洞源于Nextcloud的groupfolders应用程序允许与一群人共享一个文件夹。Nextcloud server是一个自托管系统,旨在提供云风格的服务。此外,该漏洞允许攻击者对子文件夹设置“advanced permissions”,例如,用户可以被授予对groupfolders的访问权限,但不能被授予对特定子文件夹的访问权限。由于受影响的版本缺乏权限检
CVSS信息
N/A
漏洞类别
其他