8.8
CVE-2023-45151
- EPSS 0.63%
- Veröffentlicht 16.10.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 08:26:27
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginNextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 25.0.0 < 25.0.8
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 25.0.0 < 25.0.8
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 26.0.0 < 26.0.3
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 26.0.0 < 26.0.3
Nextcloud ≫ Nextcloud Server Version27.0.0 SwEdition-
Nextcloud ≫ Nextcloud Server Version27.0.0 SwEditionenterprise
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.694 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.