Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vwh-5v93-3vcq https://github.com/nextcloud/server/pull/32843/commits/6eb692da7fe73c899cb6a8d2aa045eddb1f14018
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2115706] Created nextcloud:nextcloud-18/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115708] Affects: fedora-all [bug 2115715] Created nextcloud:nextcloud-19/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115710] Affects: fedora-all [bug 2115716] Created nextcloud:nextcloud-20/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115711] Affects: fedora-all [bug 2115718] Created nextcloud:nextcloud-21/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115712] Affects: fedora-all [bug 2115719] Created nextcloud:nextcloud-22/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115713] Affects: fedora-all [bug 2115720] Created nextcloud:nextcloud-stable/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115714] Affects: fedora-all [bug 2115721]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.