CNNVD-202512-661 Information
CNNVD ID
CNNVD-202512-661
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Nextcloud Server是Nextcloud开源的一个Nextcloud服务器程序。 Nextcloud Server 31.0.1之前版本存在安全漏洞,该漏洞源于非特权用户可通过批量标记修改文件标签,可能导致权限提升。
Description (English)
Nextcloud Server is a Nextcloud server that is an open source for Nextcloud. There was a security loophole in the previous version of Nextcloud Server 31.0.1, which stemmed from the possibility that non-privileged users could modify file labels through bulk tags, which could lead to enhanced privileges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2 https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9 https://github.com/nextcloud/server/issues/51247 https://github.com/nextcloud/server/pull/51288 https://hackerone.com/reports/3040887
Patch
https://nextcloud.com/install/#instructions-server
Share on: