Vulnerability Description
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Files Access Control | < 1.12.2 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/files_accesscontrol/pull/248PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-gThird Party Advisory
- https://github.com/nextcloud/files_accesscontrol/pull/248PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-gThird Party Advisory
FAQ
What is CVE-2022-36075?
CVE-2022-36075 is a vulnerability with a CVSS score of 2.6 (LOW). Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issu...
How severe is CVE-2022-36075?
CVE-2022-36075 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36075?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Files Access Control.