Profile of disabled user stays accessible
Package
Server
(Nextcloud)
Affected versions
< 23.0.9, < 24.0.5
Patched versions
23.0.9, 24.0.5
Server
(Nextcloud Enterprise)
< 23.0.9, < 24.0.5
23.0.9, 24.0.5
Impact
Exposure of information that can not be controlled by administrators without direct database access.
Patches
It is recommended that the Nextcloud Server is upgraded to 23.0.9 or 24.0.5
It is recommended that the Nextcloud Enterprise Server is upgraded to 23.0.9 or 24.0.5
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory: