Nextcloud
cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*
- >= 30.0.0
- >= 31.0.0
A logging vulnerability has been identified in the admin_audit app of Nextcloud Server and Nextcloud Enterprise Server, affecting versions 30.0.0 through 30.0.8 and 31.0.0 through 31.0.0. The issue stems from incorrect path handling for group folders, which results in incomplete logging of actions on files and folders within those group folders. The vulnerability has been addressed in Nextcloud Server and Enterprise Server versions 30.0.9 and 31.0.1.
The vulnerability caused the admin_audit app to improperly log actions on files and folders in group folders, leading to potential gaps in audit trails.
The vulnerability can be reproduced by performing actions on files and folders within group folders in Nextcloud Server or Enterprise Server versions prior to the patched releases. The admin_audit app will not log these actions correctly, truncating the file paths and potentially omitting important details.
Users are advised to upgrade Nextcloud Server to version 30.0.9 or 31.0.1. Nextcloud Enterprise Server users should also upgrade to version 30.0.9 or 31.0.1.