CVE-2023-25162

Exploit

EPSS 0.2%
Veröffentlicht 13.02.2023 21:15:15
Zuletzt bearbeitet 21.11.2024 07:49:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs

SSRF via filter bypass due to lax checking on IPs

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available.

Mögliche Gegenmaßnahme

Server: No workaround available

Server (Enterprise): No workaround available

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud Server Version < 23.0.12

Nextcloud ≫ Nextcloud Server Version >= 24.0.0 < 24.0.8

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemNextcloud

≫

Produkt Server

Version >= 0.0.0, < 23.0.12

Version >= 24.0.0, < 24.0.8

SystemNextcloud App

≫

Produkt Server (Enterprise)

Version >= 0.0.0, < 23.0.12

Version >= 24.0.0, < 24.0.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.422

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m

Vendor Advisory

https://github.com/nextcloud/server/pull/34160

Issue Tracking

https://hackerone.com/reports/1702864

Third Party Advisory

Exploit

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-25162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25162

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-25162