Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8v5c-f752-fgpv https://github.com/nextcloud/server/pull/33941
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2187918] Created nextcloud:23/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2187919] Affects: fedora-all [bug 2187922] Created nextcloud:24/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2187920] Affects: fedora-all [bug 2187923] Created nextcloud:nextcloud-18/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2187924] Created nextcloud:nextcloud-19/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2187925] Created nextcloud:nextcloud-21/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2187926] Created nextcloud:nextcloud-22/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2187921] Affects: fedora-all [bug 2187927] Created nextcloud:nextcloud-stable/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2187928]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.