The French Government’s Cybersecurity Agency (CERT-FR) has issued a warning about a critical vulnerability in Nextcloud Server.
RISK(S): Security Policy Bypass
AFFECTED SYSTEMS:
- Nextcloud Server versions 26.x.x prior to 26.0.4
- Nextcloud Server versions 25.x.x prior to 25.0.9
- Nextcloud Server Enterprise versions 22.x.x.x prior to 22.2.10.14
- Nextcloud Server Enterprise versions 23.x.x.x prior to 23.0.12.9
- Nextcloud Server Enterprise versions 24.x.x.x prior to 24.0.12.5
- Nextcloud Server Enterprise versions 25.x.x prior to 25.0.9
- Nextcloud Server Enterprise versions 26.x.x prior to 26.0.4
SUMMARY: A critical vulnerability has been discovered in Nextcloud Server, allowing an attacker to bypass the security policy.
SOLUTION: Updating to the patched versions is strongly recommended. The fixes can be found in the security bulletin issued by Nextcloud (see Documentation section).