CVE-2023-25159

Source
https://cve.org/CVERecord?id=CVE-2023-25159
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25159.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25159
Aliases
  • GHSA-92g2-h5jv-jjmg
Published
2023-02-13T16:43:12.227Z
Modified
2026-04-10T04:56:17.451859Z
Severity
  • 2.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Nextcloud Server previews are accessible without a watermark
Details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.

Database specific
{
    "cwe_ids": [
        "CWE-284"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25159.json"
}
References

Affected packages

Git / github.com/nextcloud/richdocuments

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/richdocuments
Events
Database specific
{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.3.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/richdocuments
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 7.0.0"
        }
    ]
}

Affected versions

1.*
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.12.27
1.12.28
1.12.29
1.12.30
1.12.31
1.12.32
1.12.33
1.12.34
1.12.35
1.12.36
1.12.37
1.12.38
1.12.39
1.12.40
2.*
2.0.0
2.0.1
2.0.10
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
3.*
3.4.0-beta1
v3.*
v3.0.0-beta1
v3.0.0-beta2
v3.0.0-beta3
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.1.0
v3.1.1
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.3.0
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.15
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.0-beta1
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.7.0
v3.7.0-beta1
v3.7.0-beta2
v3.7.0-beta3
v3.7.1
v3.7.10
v3.7.11
v3.7.12
v3.7.13
v3.7.14
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v3.7.8
v3.7.9
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.1.1
v4.1.2
v4.2.1
v4.2.2
v4.2.3
v6.*
v6.0.0
v6.0.0-beta.1
v6.1.0
v6.1.1
v6.2.0
v6.2.1
v6.3.0
v7.*
v7.0.0
v7.0.0-beta.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25159.json"

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events
Database specific
{
    "versions": [
        {
            "introduced": "24.0.4"
        },
        {
            "fixed": "24.0.8"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 25.0.0"
        }
    ]
}

Affected versions

v1.*
v1.0.0beta1
v11.*
v11.0.0
v11.0RC2
v12.*
v12.0.0beta1
v12.0.0beta2
v12.0.0beta3
v12.0.0beta4
v13.*
v13.0.0RC1
v13.0.0beta1
v13.0.0beta2
v13.0.0beta3
v13.0.0beta4
v14.*
v14.0.0RC1
v14.0.0RC2
v14.0.0beta1
v14.0.0beta2
v14.0.0beta3
v14.0.0beta4
v15.*
v15.0.0RC1
v15.0.0beta1
v15.0.0beta2
v16.*
v16.0.0RC1
v16.0.0alpha1
v16.0.0beta1
v16.0.0beta2
v16.0.0beta3
v17.*
v17.0.0beta1
v17.0.0beta2
v17.0.0beta3
v17.0.0beta4
v18.*
v18.0.0RC1
v18.0.0beta1
v18.0.0beta2
v18.0.0beta3
v18.0.0beta4
v19.*
v19.0.0RC1
v19.0.0RC2
v19.0.0beta1
v19.0.0beta2
v19.0.0beta3
v19.0.0beta4
v19.0.0beta5
v19.0.0beta6
v19.0.0beta7
v20.*
v20.0.0RC1
v20.0.0beta1
v20.0.0beta2
v20.0.0beta3
v20.0.0beta4
v21.*
v21.0.0beta1
v21.0.0beta2
v21.0.0beta3
v21.0.0beta4
v21.0.0beta5
v21.0.0beta6
v21.0.0beta7
v21.0.0beta8
v22.*
v22.0.0beta1
v22.0.0beta2
v22.0.0beta4
v22.0.0beta5
v22.0.0rc1
v23.*
v23.0.0beta1
v23.0.0beta2
v23.0.0beta3
v24.*
v24.0.0beta1
v24.0.0beta2
v24.0.0beta3
v24.0.0rc1
v24.0.4
v24.0.5
v24.0.5rc1
v24.0.6
v24.0.6rc1
v24.0.7
v24.0.7rc1
v24.0.8rc1
v24.0.8rc2
v25.*
v25.0.0
v25.0.0beta1
v25.0.0beta2
v25.0.0beta3
v25.0.0beta4
v25.0.0beta5
v25.0.0beta6
v25.0.0beta7
v25.0.0rc1
v25.0.0rc2
v25.0.0rc3
v25.0.0rc4
v25.0.0rc5
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2RC1
v8.2beta1
v9.*
v9.0.0beta2
v9.0beta1
v9.1.0beta1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25159.json"