CVE-2022-36075

Summary

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 1.12.2affected
nextcloudsecurity-advisories>= 1.13.0, < 1.13.1affected
nextcloudsecurity-advisories>= 1.14.0, < 1.14.1affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References