Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w47p-f66h-h2vj | Vendor Advisory |
https://github.com/nextcloud/server/pull/36113 | Patch |
Configurations
Configuration 1 (hide)
|
History
07 Apr 2023, 01:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w47p-f66h-h2vj - Vendor Advisory | |
References | (MISC) https://github.com/nextcloud/server/pull/36113 - Patch | |
First Time |
Nextcloud nextcloud Server
Nextcloud |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
31 Mar 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-31 23:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28844
Mitre link : CVE-2023-28844
CVE.ORG link : CVE-2023-28844
JSON object : View
Products Affected
nextcloud
- nextcloud_server
CWE
CWE-284
Improper Access Control