GCVE - cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Nextcloud (`e5ae4298-6932-564f-a40d-08cebea039a5`)
Product	Group Folders (`597a3cb0-10ef-5f6b-af1e-f78af1072a83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/nextcloud/groupfolders`	purl2cpe	2026-06-01 10:17:59.632861

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-66545`	vulnerable	2026-06-03 15:11:00.770708	Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin LOW (3.5) Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2. Published: 2025-12-05T17:44:13.312Z Updated: 2025-12-08T19:55:13.290Z Open on db.gcve.eu Reference links https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vrq-fhmf-c49m https://github.com/nextcloud/groupfolders/issues/4041 https://github.com/nextcloud/groupfolders/pull/4076 https://github.com/nextcloud/groupfolders/commit/bbe87ebed8da23e9df4db637a76fbc8d36439d58	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-47793`	vulnerable	2026-06-03 15:01:33.421344	Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file MEDIUM (4.3) Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available. Published: 2025-05-16T14:31:50.742Z Updated: 2025-05-16T14:49:07.567Z Open on db.gcve.eu Reference links https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww https://github.com/nextcloud/groupfolders/pull/3328 https://github.com/nextcloud/server/pull/48623 https://hackerone.com/reports/2713272	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-8153`	vulnerable	2026-06-03 14:43:08.149358	Details available Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. Published: 2020-05-12T13:01:33.000Z Updated: 2024-08-04T09:48:25.662Z Open on db.gcve.eu Reference links https://hackerone.com/reports/642515 https://nextcloud.com/security/advisory/?id=NC-SA-2020-017 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.