A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nextcloud_server | Nextcloud | 19.0.0 (including) | 19.0.0 (including) |