diff --git a/changelog/unreleased/fix-uploader-permissions.md b/changelog/unreleased/fix-uploader-permissions.md
new file mode 100644
index 0000000000..78cd19db8e
--- /dev/null
+++ b/changelog/unreleased/fix-uploader-permissions.md
@@ -0,0 +1,8 @@
+Bugfix: Fix "uploader" role permissions
+
+We fixed a permission problem on "public upload shares", which allowed to
+view the content of the shared upload folder.
+
+
+https://github.com/cs3org/reva/pull/3274
+https://github.com/owncloud/ocis/issues/4657
diff --git a/internal/http/services/owncloud/ocs/conversions/role.go b/internal/http/services/owncloud/ocs/conversions/role.go
index 7cd779bb17..093f44a1c9 100644
--- a/internal/http/services/owncloud/ocs/conversions/role.go
+++ b/internal/http/services/owncloud/ocs/conversions/role.go
@@ -267,7 +267,6 @@ func NewUploaderRole() *Role {
 Name: RoleUploader,
 cS3ResourcePermissions: &provider.ResourcePermissions{
 Stat: true,
- ListContainer: true,
 GetPath: true,
 CreateContainer: true,
 InitiateFileUpload: true,
@@ -368,7 +367,6 @@ func NewLegacyRoleFromOCSPermissions(p Permissions) *Role {
 }
 if p.Contain(PermissionCreate) {
 r.cS3ResourcePermissions.Stat = true
- r.cS3ResourcePermissions.ListContainer = true
 r.cS3ResourcePermissions.CreateContainer = true
 // FIXME permissions mismatch: double check ocs create vs update file
 // - if the file exists the ocs api needs to check update permission,
@@ -414,8 +412,7 @@ func RoleFromResourcePermissions(rp *provider.ResourcePermissions) *Role {
 rp.RestoreRecycleItem {
 r.ocsPermissions |= PermissionWrite
 }
- if rp.ListContainer &&
- rp.Stat &&
+ if rp.Stat &&
 rp.CreateContainer &&
 rp.InitiateFileUpload {
 r.ocsPermissions |= PermissionCreate
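Review bot: Nothing in `NewUploaderRole` records that `ListContainer` is left out on purpose, so a later edit to the permissions literal could quietly restore folder listing on public upload links. I would add a comment inside the literal, e.g. `// ListContainer is deliberately not granted: upload-only shares must not expose the folder's contents.`, and the same remark in the `PermissionCreate` branch of `NewLegacyRoleFromOCSPermissions` in the next hunk. A regression test asserting that the role returned by `NewUploaderRole()` has `ListContainer` false would pin the fix; no test change is visible in this diff. The function body starts and ends outside the hunk.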
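Review bot: After the change to the `PermissionCreate` condition in `RoleFromResourcePermissions`, a permission set with `ListContainer` still set and one without it both map to `PermissionCreate`, so the OCS permission value cannot show which upload shares still allow listing. If grants created before this fix were persisted with `ListContainer: true` (the storage side is not visible here), they would keep exposing the folder contents until they are re-created or migrated; that is worth confirming and, if so, covering with a migration or a documented manual step in the changelog entry. A short comment above the condition would also help, e.g. `// ListContainer is intentionally not required: upload-only grants map to PermissionCreate without it.` The function continues outside the hunk.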