CVE-2018-3762

Summary

Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.

Affected Software

VendorProductVersion RangeStatus
NextcloudNextcloud Server<13.0.3, <12.0.8affected

Weaknesses

  • CWE-284: Improper Access Control - Generic (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References