CVE-2023-28844

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28844
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28844.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28844
Aliases
  • GHSA-w47p-f66h-h2vj
Published
2023-03-31T23:15:07Z
Modified
2024-06-06T14:27:27.276468Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v25.*

v25.0.0
v25.0.1
v25.0.1rc1
v25.0.2
v25.0.2rc1
v25.0.2rc2
v25.0.2rc3
v25.0.3
v25.0.3rc1
v25.0.3rc2
v25.0.4rc1