CVE-2023-25821

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25821
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25821.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25821
Aliases
  • GHSA-7w6h-5qgw-4j94
Published
2023-02-25T00:15:11Z
Modified
2024-06-06T14:25:01.344164Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v24.*

v24.0.4
v24.0.5
v24.0.5rc1
v24.0.6
v24.0.6rc1
v24.0.7rc1