Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28844

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published

2023-03-31T23:15:07.467

Last Modified

2024-11-21T07:56:08.567

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

Weaknesses

Type: Primary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 24.0.10	Yes
Application	nextcloud	nextcloud_server	< 25.0.4	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w47p-f66h-h2vj Vendor Advisory ([email protected])
https://github.com/nextcloud/server/pull/36113 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w47p-f66h-h2vj Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/pull/36113 Patch (af854a3a-2127-422b-91ae-364da2661108)