Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.

Published

2023-02-25T00:15:11.093

Last Modified

2024-11-21T07:50:16.077

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 24.0.7	Yes
Application	nextcloud	nextcloud_server	< 24.0.7	Yes
Application	nextcloud	nextcloud_server	25.0.0	Yes
Application	nextcloud	nextcloud_server	25.0.0	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5qgw-4j94 Vendor Advisory ([email protected])
https://github.com/nextcloud/server/pull/34502 Patch ([email protected])
https://hackerone.com/reports/1724016 Exploit, Third Party Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5qgw-4j94 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/pull/34502 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1724016 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)