3.3
CVE-2026-45277
- EPSS 0.13%
- Veröffentlicht 01.06.2026 16:51:34
- Zuletzt bearbeitet 03.06.2026 17:36:01
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations
fileId parameter reveals workflow associations in Nextcloud Approval app
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.
Mögliche Gegenmaßnahme
Approval: * Disable the Approval app
* No other workaround available
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.029 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7gm-vgxr-9hcw
https://github.com/nextcloud/approval/pull/356
https://hackerone.com/reports/3475210
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7gm-vgxr-9hcw