Impact
The Nextcloud Richdocuments application did return verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file shared.txt is located within /files/$username/Myfolder/Mysubfolder/shared.txt)
Patches
It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3.
Workarounds
Disable the Richdocuments application in the app settings.
References
For more information
If you have any questions or comments about this advisory:
Impact
The Nextcloud Richdocuments application did return verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file
shared.txtis located within/files/$username/Myfolder/Mysubfolder/shared.txt)Patches
It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3.
Workarounds
Disable the Richdocuments application in the app settings.
References
For more information
If you have any questions or comments about this advisory: