Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in the Nextcloud Circles The application allows any user to join any “secret circle” without the consent of the circle owner, which could be exploited by an attacker to join the circle and obtain private information.