Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NNextcloud Server
APPNextcloud14.0.0< 12.0.1113.0.0 – 13.0.6 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2023-26482CRITICAL9.0ten sam produkt
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation ...
CVE-2021-32802CRITICAL9.3ten sam produkt
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews fo...
CVE-2021-22915CRITICAL9.8ten sam produkt
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion...
CVE-2026-45281HIGH8.1ten sam produkt
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before...
CVE-2024-37313HIGH7.3ten sam produkt
Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the...