Impact
The Nextcloud Text application shipped with Nextcloud server did return verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file shared.txt is located within /files/$username/Myfolder/Mysubfolder/shared.txt)
Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
Workarounds
Disable the Nextcloud Text application in the app settings.
References
For more information
If you have any questions or comments about this advisory:
LukasReschke Analyst
Impact
The Nextcloud Text application shipped with Nextcloud server did return verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file
shared.txtis located within/files/$username/Myfolder/Mysubfolder/shared.txt)Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
Workarounds
Disable the Nextcloud Text application in the app settings.
References
For more information
If you have any questions or comments about this advisory: