CVE-2023-32318

Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38	Vendor Advisory
https://github.com/nextcloud/text/pull/3946	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:26.0.0::::-:::
	cpe:2.3:a:nextcloud:nextcloud_server:26.0.0::::enterprise:::

History

02 Jun 2023, 12:57

Type	Values Removed	Values Added
CPE		cpe:2.3:a:nextcloud:nextcloud_server:26.0.0::::-::: cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::* cpe:2.3:a:nextcloud:nextcloud_server:26.0.0::::enterprise::: cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7
First Time		Nextcloud nextcloud Server Nextcloud
CWE		CWE-613
References	~~(MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38 -~~	(MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38 - Vendor Advisory
References	~~(MISC) https://github.com/nextcloud/text/pull/3946 -~~	(MISC) https://github.com/nextcloud/text/pull/3946 - Patch

26 May 2023, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-26 18:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-32318

Mitre link : CVE-2023-32318

CVE.ORG link : CVE-2023-32318

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2023-32318", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 0.8}]}, "published": "2023-05-26T18:15:13.930", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/text/pull/3946", "tags": ["Patch"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1."}], "lastModified": "2023-06-02T12:57:32.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4E6348D5-CDF1-4E33-8C69-BFF5486AB407", "versionEndExcluding": "25.0.6", "versionStartIncluding": "25.0.2"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6EE9AA47-F205-45DE-A32E-07494C6204FC", "versionEndExcluding": "25.0.6", "versionStartIncluding": "25.0.2"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:26.0.0:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "78908077-798E-458C-8D8D-B46310565B57"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:26.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F3EA1593-5F17-4548-894E-0B525FCC0D6A"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}