7.5

CVE-2023-25821

Exploit

EPSS 0.26%
Published 25.02.2023 00:15:11
Last modified 21.11.2024 07:50:16
Source security-advisories@github.com
Teams watchlist Login
Open Login

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround  is available.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud Server Version >= 24.0.4 < 24.0.7

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 24.0.4 < 24.0.7

Nextcloud ≫ Nextcloud Server Version25.0.0

Nextcloud ≫ Nextcloud Server Version25.0.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.49

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5qgw-4j94

Vendor Advisory

https://github.com/nextcloud/server/pull/34502

Patch

https://hackerone.com/reports/1724016

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-25821

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25821

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25821

EUVD