Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nextcloud_server | Nextcloud | * | 12.0.11 (excluding) |
Nextcloud_server | Nextcloud | 13.0.0 (including) | 13.0.6 (excluding) |
Nextcloud_server | Nextcloud | 14.0.0-beta1 (including) | 14.0.0-beta1 (including) |
Nextcloud_server | Nextcloud | 14.0.0-beta2 (including) | 14.0.0-beta2 (including) |
Nextcloud_server | Nextcloud | 14.0.0-beta3 (including) | 14.0.0-beta3 (including) |
Nextcloud_server | Nextcloud | 14.0.0-beta4 (including) | 14.0.0-beta4 (including) |
Nextcloud_server | Nextcloud | 14.0.0-rc1 (including) | 14.0.0-rc1 (including) |
Nextcloud_server | Nextcloud | 14.0.0-rc2 (including) | 14.0.0-rc2 (including) |