CVE-2023-48306

Exploit

EPSS 0.5%
Veröffentlicht 21.11.2023 23:15:07
Zuletzt bearbeitet 21.11.2024 08:31:27
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF

DNS pin middleware can be tricked into DNS rebinding allowing SSRF

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.

Mögliche Gegenmaßnahme

Server: * No workaround available

Enterprise Server: * No workaround available

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 9 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 22.0.0 < 22.2.10.16

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 23.0.0 < 23.0.12.11

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 24.0.0 < 24.0.12.7

Nextcloud ≫ Nextcloud Server SwEdition- Version >= 25.0.0 < 25.0.11

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 25.0.0 < 25.0.11

Nextcloud ≫ Nextcloud Server SwEdition- Version >= 26.0.0 < 26.0.6

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 26.0.0 < 26.0.6

Nextcloud ≫ Nextcloud Server SwEdition- Version >= 27.0.0 < 27.1.0

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 27.0.0 < 27.1.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemNextcloud

≫

Produkt Server

Version >= 25.0.0, < 25.0.11

Version >= 26.0.0, < 26.0.6

Version >= 27.0.0, < 27.1.0

SystemNextcloud

≫

Produkt Enterprise Server

Version >= 22.0.0, < 22.2.10.16

Version >= 23.0.0, < 23.0.12.11

Version >= 24.0.0, < 24.0.12.7

Version >= 25.0.0, < 25.0.11

Version >= 26.0.0, < 26.0.6

Version >= 27.0.0, < 27.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.655

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v

Vendor Advisory

https://github.com/nextcloud/server/pull/40234

Patch

Exploit

Issue Tracking

https://hackerone.com/reports/2115212

Permissions Required

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-48306

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-48306

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-48306

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-48306