← back
CVE-2022-36075

File list exposure in Nextcloud Files Access Control

CVSS 2.6 LOWEPSS 0.4%CWE-200
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
Affected products
nextcloud · security-advisories

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/nextcloud/files_accesscontrol/pull/248https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w