CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
EPSS
Percentile
42.4%
Nextcloud server vulnerability is related to improper access control. Exploitation of the vulnerability could
allow an attacker acting remotely to access files within a subfolder of an accessible group folder, even if extended permissions block access to the subfolder.
of a group folder, even if advanced permissions block access to the subfolder.
The Nextcloud server vulnerability is related to improper access control. Exploitation of the vulnerability could
Allow an attacker acting remotely to delete any personal or global external storage,
making it inaccessible to everyone else.
The Nextcloud server vulnerability is related to the lack of password validation for a logged in
user. Exploitation of the vulnerability could allow an attacker acting remotely to successfully
steal a session, then create application passwords for the victim.
Nextcloud server vulnerability is related to improper access control. Exploitation of the vulnerability could
allow an attacker acting remotely to send a DAV request that would reveal whether the
victim has a calendar or address book with a given identifier.
The Nextcloud server vulnerability involves improperly limiting excessive authentication attempts.
Exploitation of the vulnerability could allow an attacker acting remotely to brute force the sensitive data of the
of configured OAuth2 clients.