From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Vulnerability Name: User password is available in memory of the PHP process
   - Publisher: nickvergessen
   - Vulnerability ID: GHSA-w7v5-mgxm-v6gm
   - Release Date: Yesterday

2. Affected Versions:
   - Server (Nextcloud): >= 28.0.0, >= 29.0.0, >= 30.0.0
   - Server (Nextcloud Enterprise): >= 28.0.0, >= 29.0.0, >= 30.0.0

3. Fix Recommendation:
   - Recommended Fixed Versions:
     - Server (Nextcloud): 28.0.12, 29.0.9, 30.0.2
     - Server (Nextcloud Enterprise): 28.0.12, 29.0.9, 30.0.2

4. Severity:
   - Severity Level: Low
   - CVSS v3 Base Metrics:
     - Attack Vector: Physical
     - Attack Complexity: High
     - Privileges Required: High
     - User Interaction: Required
     - Scope: Changed
     - Confidentiality: Low
     - Integrity: None
     - Availability: None

5. Vulnerability Details:
   - Under certain conditions, user passwords are stored in plaintext within session data. While session data is encrypted before being saved to session storage (Redis or disk), a malicious process can access the plaintext user password by reading the memory of the PHP process.

6. Workarounds:
   - No working workarounds are available.

7. References:
   - Reporter: Bundesamt für Sicherheit in der Informationstechnik (BSI)
   - Pull Request: PullRequest

8. Additional Information:
   - You can create a post in nextcloud/security-advisories.
   - For clients: Open a support ticket at portal.nextcloud.com.

This information helps users understand the vulnerability details, affected versions, recommended fixes, and how to report or obtain further information.