CVE-2023-25579

Source
https://cve.org/CVERecord?id=CVE-2023-25579
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25579.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25579
Aliases
  • GHSA-273v-9h7x-p68v
Downstream
Related
Published
2023-02-22T18:21:10.573Z
Modified
2026-07-08T07:34:18.372871637Z
Severity
  • 6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
Summary
Directory traversal in Nextcloud server
Details

Nextcloud server is a self hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath() function was validating and normalizing the string in the wrong order. The function is used in the newFile() and newFolder() items, which may allow to creation of paths outside of ones own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25579.json",
    "cwe_ids": [
        "CWE-22"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": [
        "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "23.0.12"
        },
        {
            "introduced": "20.0.0"
        },
        {
            "fixed": "20.0.14"
        },
        {
            "introduced": "21.0.0"
        },
        {
            "fixed": "21.0.9"
        },
        {
            "introduced": "22.2.0"
        },
        {
            "fixed": "22.2.10"
        },
        {
            "introduced": "23.0.0"
        },
        {
            "introduced": "24.0.0"
        },
        {
            "fixed": "24.0.8"
        },
        {
            "introduced": "25.0.0"
        },
        {
            "fixed": "25.0.2"
        }
    ]
}

Affected versions

v20.*
v20.0.0
v20.0.1
v20.0.10
v20.0.10RC1
v20.0.11
v20.0.11rc1
v20.0.13
v20.0.13rc1
v20.0.14rc1
v20.0.1RC1
v20.0.2
v20.0.2RC1
v20.0.2RC2
v20.0.3
v20.0.3RC2
v20.0.4
v20.0.5
v20.0.5RC1
v20.0.5RC2
v20.0.6
v20.0.6RC1
v20.0.7
v20.0.7RC1
v20.0.8
v20.0.8RC1
v20.0.9
v20.0.9RC1
v21.*
v21.0.0
v21.0.1
v21.0.1RC1
v21.0.2
v21.0.2RC1
v21.0.3
v21.0.3rc1
v21.0.4
v21.0.4rc1
v21.0.5
v21.0.5rc1
v21.0.6
v21.0.6rc1
v21.0.7
v21.0.8
v21.0.8rc1
v21.0.8rc2
v21.0.8rc3
v21.0.9rc1
v22.*
v22.2.0
v22.2.1
v22.2.10rc1
v22.2.10rc2
v22.2.1rc1
v22.2.2
v22.2.3
v22.2.4
v22.2.4rc1
v22.2.4rc2
v22.2.4rc3
v22.2.5
v22.2.5rc1
v22.2.6
v22.2.6rc1
v22.2.6rc2
v22.2.7
v22.2.7rc1
v22.2.8
v22.2.8rc1
v22.2.9
v22.2.9rc1
v23.*
v23.0.0
v23.0.1
v23.0.10
v23.0.10rc1
v23.0.11
v23.0.11rc1
v23.0.12rc1
v23.0.12rc2
v23.0.1rc1
v23.0.1rc2
v23.0.1rc3
v23.0.2
v23.0.2rc1
v23.0.3
v23.0.3rc1
v23.0.3rc2
v23.0.4
v23.0.4rc1
v23.0.5
v23.0.5rc1
v23.0.6
v23.0.6rc1
v23.0.7
v23.0.7rc1
v23.0.7rc2
v23.0.8
v23.0.8rc1
v23.0.9
v23.0.9rc1
v24.*
v24.0.0
v24.0.1
v24.0.1rc1
v24.0.2
v24.0.2rc1
v24.0.3
v24.0.3rc1
v24.0.3rc2
v24.0.4
v24.0.4rc1
v24.0.5
v24.0.5rc1
v24.0.6
v24.0.6rc1
v24.0.7
v24.0.7rc1
v24.0.8rc1
v24.0.8rc2
v25.*
v25.0.0
v25.0.1
v25.0.1rc1
v25.0.2rc1
v25.0.2rc2
v25.0.2rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25579.json"