CVE-2022-36075

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
GitHub_MCNA
2.6 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
nextcloudfiles_access_control
𝑥
< 1.12.2
nextcloudfiles_access_control
1.13.0
nextcloudfiles_access_control
1.14.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/files_accesscontrol/pull/248
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w
https://github.com/nextcloud/files_accesscontrol/pull/248
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w