Skip to content

Disabled download shares still allow download through preview images

Low
nickvergessen published GHSA-9mh6-cph8-772c Dec 1, 2022

Package

Server (Nextcloud)

Affected versions

< 24.0.7, < 25.0.1

Patched versions

24.0.7, 25.0.1
Server (Nextcloud Enterprise)
< 24.0.7, < 25.0.1
24.0.7, 25.0.1

Description

Impact

Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked.

Patches

It is recommended that the Nextcloud Server is upgraded to 24.0.7 or 25.0.1
It is recommended that the Nextcloud Enterprise Server is upgraded to 24.0.7 or 25.0.1

Workarounds

No workaround available

References

For more information

If you have any questions or comments about this advisory:

Severity

Low
2.6
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
High
Privileges required
Low
User interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CVE ID

CVE-2022-41970

Weaknesses

Credits