Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-25817

Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability.

Published

2023-03-27T21:15:11.127

Last Modified

2024-11-21T07:50:15.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-281
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 24.0.9	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8v5c-f752-fgpv Patch, Vendor Advisory ([email protected])
https://github.com/nextcloud/server/pull/33941 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8v5c-f752-fgpv Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/pull/33941 Patch (af854a3a-2127-422b-91ae-364da2661108)