Nextcloud Server and Enterprise Server Temporary File Read Vulnerability

Vulnerability

A vulnerability exists in Nextcloud Server versions 29.0.0 through 29.0.12, 30.0.0 through 30.0.6, and 31.0.0 through 31.0.0, and in Nextcloud Enterprise Server versions 26.0.0 through 26.0.13.12, 27.1.0 through 27.1.11.12, 28.0.0 through 28.0.14.3, 29.0.0 through 29.0.12, 30.0.0 through 30.0.6, and 31.0.0 through 31.0.0. An attacker on a multi-user system may exploit this vulnerability to read Nextcloud temporary files associated with a different user account or to conduct a symlink attack.

Impact

Exploitation allows an attacker to read temporary files belonging to other user accounts without authorization, or to carry out a symlink attack.

Remediation

Users are advised to upgrade Nextcloud Server to versions 29.0.13, 30.0.7, or 31.0.1. Nextcloud Enterprise Server users should upgrade to versions 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, or 31.0.1.
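
Added example (not from this advisory's publisher or the Nextcloud project): a triage script that checks release version strings against the affected ranges listed above and reports the fixed release to upgrade to. The host names and inventory rows are constructed, and the input is assumed to be the release version written the way the advisory writes it.

```python
# Affected ranges and fixed releases are copied from the advisory text.
SERVER = [  # (first affected, last affected, fixed release)
    ("29.0.0", "29.0.12", "29.0.13"),
    ("30.0.0", "30.0.6", "30.0.7"),
    ("31.0.0", "31.0.0", "31.0.1"),
]
ENTERPRISE = [
    ("26.0.0", "26.0.13.12", "26.0.13.13"),
    ("27.1.0", "27.1.11.12", "27.1.11.13"),
    ("28.0.0", "28.0.14.3", "28.0.14.4"),
] + SERVER

def parse(version):
    """'28.0.14.3' -> (28, 0, 14, 3), zero-padded; ValueError if not dotted integers."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def check(version, enterprise=False):
    """Return (affected, fixed_release or None) for one installation."""
    v = parse(version)
    for first, last, fixed in (ENTERPRISE if enterprise else SERVER):
        if parse(first) <= v <= parse(last):
            return True, fixed
    return False, None

def triage(inventory):
    """Map (host, edition, version) rows to (host, action) rows."""
    report = []
    for host, edition, version in inventory:
        try:
            affected, fixed = check(version, edition == "enterprise")
            action = f"upgrade to {fixed}" if affected else "not listed as affected"
        except ValueError:
            action = "unparsable version, check manually"
        report.append((host, action))
    return report

# Constructed inventory (hypothetical hosts), not data from the advisory.
INVENTORY = [
    ("cloud-a", "server", "30.0.6"),
    ("cloud-b", "server", "30.0.7"),
    ("cloud-c", "enterprise", "28.0.14.3"),
    ("cloud-d", "server", "28.0.14"),   # 28.x is listed for Enterprise only
    ("cloud-e", "server", "31.0.0 RC1"),
]

if __name__ == "__main__":
    for host, action in triage(INVENTORY):
        print(f"{host}: {action}")
```

"Not listed as affected" means only that the version falls outside the ranges this advisory names; release lines the advisory does not mention are not thereby shown to be safe.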

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.