CVE-2022-36075

LOW

Nextcloud Files Access Control <1.12.2-1.14.1 - Info Disclosure

Title source: llm

Description

Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue

References (2)

Core 2

Core References

Third Party Advisory x_refsource_confirm

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4m73-g7v7-v62w

Patch, Third Party Advisory x_refsource_misc

https://github.com/nextcloud/files_accesscontrol/pull/248

Scores

CVSS v3 2.6

EPSS 0.0017

EPSS Percentile 37.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269 CWE-200

Status published

Products (3)

nextcloud/files_access_control 1.13.0

nextcloud/files_access_control 1.14.0

nextcloud/files_access_control < 1.12.2

Published Sep 15, 2022

Tracked Since Feb 18, 2026