7.5
CVE-2023-25821
- EPSS 0.16%
- Veröffentlicht 25.02.2023 00:15:11
- Zuletzt bearbeitet 21.11.2024 07:50:16
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nextcloud download permissions can be changed by resharer
Download permissions can be changed by resharer
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.
Mögliche Gegenmaßnahme
Server: * No workaround available
Enterprise Server: * No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server Version >= 24.0.4 < 24.0.7
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 24.0.4 < 24.0.7
Nextcloud ≫ Nextcloud Server Version25.0.0
Nextcloud ≫ Nextcloud Server Version25.0.0 SwEditionenterprise
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemNextcloud
≫
Produkt
Server
Version
>= 24.0.4, < 24.0.7
Version
>= 25.0.0, < 25.0.1
SystemNextcloud
≫
Produkt
Enterprise Server
Version
>= 24.0.4, < 24.0.7
Version
>= 25.0.0, < 25.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.362 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.