6.5
CVE-2023-28844
- EPSS 0.13%
- Veröffentlicht 31.03.2023 23:15:07
- Zuletzt bearbeitet 21.11.2024 07:56:08
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
User without download rights can download older version of that file in nextcloud server
User without download rights can download older version of that file
Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Mögliche Gegenmaßnahme
Server: * No workaround available
Enterprise Server: * No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server Version >= 24.0.4 < 24.0.10
Nextcloud ≫ Nextcloud Server Version >= 25.0.0 < 25.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemNextcloud
≫
Produkt
Server
Version
>= 24.0.4, < 24.0.10
Version
>= 25.0.0, < 25.0.4
SystemNextcloud
≫
Produkt
Enterprise Server
Version
>= 24.0.4, < 24.0.10
Version
>= 25.0.0, < 25.0.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.326 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.