CVE-2023-25579

{"id": "CVE-2023-25579", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.8}]}, "published": "2023-02-22T19:15:11.697", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-273v-9h7x-p68v", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/server/pull/35074", "tags": ["Patch"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud server is a self hosted home cloud product. In affected versions the `OC\\Files\\Node\\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation of paths outside of ones own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue."}], "lastModified": "2023-03-03T15:09:20.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B50151BE-566E-4F7F-BFF5-CDBA5A0AE4B8", "versionEndExcluding": "23.0.12"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "00D6E726-5ED1-4409-8063-903F9DF581C6", "versionEndExcluding": "20.0.14", "versionStartIncluding": "20.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "3A67058C-45D1-48DD-9247-1F465D0FBC19", "versionEndExcluding": "21.0.9", "versionStartIncluding": "21.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F019288C-0D86-4F4B-B6FE-7D6A5BE4125C", "versionEndExcluding": "22.2.10", "versionStartIncluding": "22.2.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "61D5D9C2-C03D-4F66-89B5-D5F94EFBCDAB", "versionEndExcluding": "23.0.12", "versionStartIncluding": "23.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7827F3FA-9D17-4915-90CB-B3652E310F0E", "versionEndExcluding": "24.0.8", "versionStartIncluding": "24.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "FF5F1D96-7883-40CD-82A4-13AAF12F53D2", "versionEndExcluding": "24.0.8", "versionStartIncluding": "24.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D5A8D9E-E394-4841-8177-BBC971CAF023", "versionEndExcluding": "25.0.2", "versionStartIncluding": "25.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A263A4CF-DF40-41F3-BB9A-D03FF96FF6F6", "versionEndExcluding": "25.0.2", "versionStartIncluding": "25.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}