CNNVD-202512-645 Information
CNNVD ID
CNNVD-202512-645
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Nextcloud Desktop Client是Nextcloud GmbH的一个开源的文件同步和共享工具。 Nextcloud Desktop Client 1.14.6之前版本和1.15.2之前版本存在访问控制错误漏洞,该漏洞源于权限逻辑错误,可能导致共享权限被滥用。
Description (English)
Nextcloud Desktop Clinic is an open-source file synchronization and sharing tool for Nextcloud GmbH. Nextcloud Desktop Clinic 1.14.6 and 1.15.2 had an error in access control, which stemmed from a logical error in authority, which could lead to abuse of sharing rights.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
Nextcloud GmbH
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/deck/commit/f1da8b30a455f02373d44154da04494c949a95ae https://github.com/nextcloud/deck/pull/7131 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wwr8-hx9g-rjvv https://hackerone.com/reports/3247499
Patch
https://apps.nextcloud.com/apps/deck
Share on: