CVE-2022-36075Sensitive Information Exposure in Security-advisories

CWE-200Sensitive Information ExposureCWE-269Improper Privilege Management2 documents2 sources
Severity
4.3MEDIUMNVD
CNA2.6
EPSS
0.2%
top 62.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Files Access Control
Timeline
PublishedSep 15

Description

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5nextcloud/security-advisories< 1.12.2+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
File list exposure in Nextcloud Files Access Control2022-09-15
CVE-2022-36075 — Sensitive Information Exposure | cvebase