CVE-2022-36075

low-risk
Published 2022-09-15

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.6/10 Low
NETWORK / HIGH complexity

Affected Products (3)

Files Access Control
Files Access Control
Files Access Control

Affected Vendors

Nextcloud

References (4)

Patch https://github.com/nextcloud/files_accesscontrol/pull/248
Third Party Advisory https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g...
Patch https://github.com/nextcloud/files_accesscontrol/pull/248
Third Party Advisory https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g...
20
/ 100
low-risk
Severity 10/34 · Low
Exploitability 1/34 · Minimal
Exposure 9/34 · Low