Impact
The File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share.
Patches
It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1.
Workarounds
Disable the Richdocuments application.
References
For more information
If you have any questions or comments about this advisory:
Impact
The File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share.
Patches
It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1.
Workarounds
Disable the Richdocuments application.
References
For more information
If you have any questions or comments about this advisory: