CNNVD-202512-652 Information
CNNVD ID
CNNVD-202512-652
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Team folders是Nextcloud开源的一个文件共享软件。 Team folders 14.0.11之前版本、15.3.12之前版本、16.0.15之前版本、17.0.14之前版本、18.1.8之前版本、19.1.8之前版本和20.1.2之前版本存在安全漏洞,该漏洞源于只读权限用户可从回收站恢复文件,可能导致权限绕过。
Description (English)
Team Folders is a file-sharing software for the Nextcloud open source. There is a security loophole in previous versions of Team Friends 140.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8 and 20.1.2, which stems from the fact that read-only access users can recover files from the wastebin and may result in the right circumvention.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/groupfolders/commit/bbe87ebed8da23e9df4db637a76fbc8d36439d58 https://github.com/nextcloud/groupfolders/issues/4041 https://github.com/nextcloud/groupfolders/pull/4076 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vrq-fhmf-c49m
Patch
https://apps.nextcloud.com/apps/groupfolders
Share on: