Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access control, permission management, and other security measures in the network system or product. An attacker is able to download arbitrary SVG images, including user-supplied files, from the host system.
CPE | Name | Operator | Version |
---|---|---|---|
nextcloud nextcloud | lt | 20.0.13 | |
nextcloud nextcloud | lt | 21.0.5 | |
nextcloud nextcloud | lt | 22.2.0 |