8.8
CVE-2023-45151
- EPSS 0.63%
- Published 16.10.2023 19:15:10
- Last modified 21.11.2024 08:26:27
- Source security-advisories@github.com
- Teams watchlist Login
- Open Login
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 25.0.0 < 25.0.8
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 25.0.0 < 25.0.8
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 26.0.0 < 26.0.3
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 26.0.0 < 26.0.3
Nextcloud ≫ Nextcloud Server Version27.0.0 SwEdition-
Nextcloud ≫ Nextcloud Server Version27.0.0 SwEditionenterprise
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.694 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.