apk package
chainguard/nextcloud-server-30-apache2-config
pkg:apk/chainguard/nextcloud-server-30-apache2-config
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14761 | Med | 5.3 | < 30.0.17-r0 | 30.0.17-r0 | Dec 17, 2025 | Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate | |
| CVE-2025-66552 | — | < 30.0.17-r0 | 30.0.17-r0 | Dec 5, 2025 | Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulne | ||
| CVE-2025-66547 | — | < 30.0.17-r0 | 30.0.17-r0 | Dec 5, 2025 | Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1. | ||
| CVE-2025-66510 | — | < 30.0.17-r0 | 30.0.17-r0 | Dec 5, 2025 | Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identi |
- affected < 30.0.17-r0fixed 30.0.17-r0
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate
- CVE-2025-66552Dec 5, 2025affected < 30.0.17-r0fixed 30.0.17-r0
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulne
- CVE-2025-66547Dec 5, 2025affected < 30.0.17-r0fixed 30.0.17-r0
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
- CVE-2025-66510Dec 5, 2025affected < 30.0.17-r0fixed 30.0.17-r0
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identi