CVE-2023-28844

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-28844

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28844.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-28844

Related

GHSA-w47p-f66h-h2vj

Published

2023-03-31T23:15:07Z

Modified

2025-02-19T03:40:47.489240Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

fb9510ffed32c92dee60285157a69f09a10fe468

Fixed

9fcbbc523ea041301fc5a8acc50d6a8ec5b328e5

Affected versions

v24.*

v24.0.10rc1

v24.0.4

v24.0.5

v24.0.5rc1

v24.0.6

v24.0.6rc1

v24.0.7

v24.0.7rc1

v24.0.8

v24.0.8rc1

v24.0.8rc2

v24.0.9

v24.0.9rc1

v24.0.9rc2