From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Shares are not removed when user is limited to share with in their groups and being removed from one of them - Publisher: nickvergessen - Vulnerability ID: GHSA-35gc-jc6x-29cm - Release Date: Yesterday 2. Affected Versions: - Server (Nextcloud): >= 28.0.0, >= 29.0.0 - Server (Nextcloud Enterprise): >= 26.0.0, >= 27.0.0, >= 28.0.0, >= 29.0.0 3. Fixed Versions: - Server (Nextcloud): 28.0.9, 29.0.5 - Server (Nextcloud Enterprise): 26.0.13.9, 27.1.11.9, 28.0.9, 29.0.5 4. Severity: - Severity: Low (3.0 / 10) 5. Impact: - When the server is configured to allow sharing only within the user’s own groups, if a user is removed from one of those groups, previously shared items are not unshared. 6. Recommendation: - Upgrade to the following versions: - Server (Nextcloud): 22.2.11 or 23.0.11 or 24.0.6 - Server (Nextcloud Enterprise): 22.2.11 or 23.0.11 or 24.0.6 7. Workarounds: - No available workarounds. 8. References: - Pull Request 9. More Information: - A post can be created in nextcloud/security-advisories. - Client: Open a support ticket at portal.nextcloud.com. This information helps understand the nature of the vulnerability, its scope of impact, and how to fix or mitigate it.