CVE-2023-49791

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-49791

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49791.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49791

Aliases

GHSA-3f8p-6qww-2prr

Published

2023-12-22T16:26:28.076Z

Modified

2025-12-05T00:13:37.986598Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

Workflows do not require password confirmation on API level

Details

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.

Database specific

{
    "cwe_ids": [
        "CWE-284",
        "CWE-287"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49791.json"
}

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

62cfd3b4c9ff4d8cdbbe6dcc8b63a1085bb94e3d

Fixed

26cc81d62045018b2cbdc7f465228a0456ad9125

Database specific

{
    "versions": [
        {
            "introduced": "26.0.0"
        },
        {
            "fixed": "26.0.9"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

add4e4365a4040d2e4e6aa79c0d03c3edd78583c

Fixed

2668bd0cd54784b8464b15b23ea7b7336ee1bdc3

Database specific

{
    "versions": [
        {
            "introduced": "27.0.0"
        },
        {
            "fixed": "27.1.4"
        }
    ]
}

Affected versions

v26.*

v26.0.0

v26.0.1

v26.0.1rc1

v26.0.2

v26.0.2rc1

v26.0.3

v26.0.3rc1

v26.0.3rc2

v26.0.4

v26.0.4rc1

v26.0.4rc2

v26.0.5

v26.0.5rc1

v26.0.6

v26.0.6rc1

v26.0.7

v26.0.8

v26.0.8rc1

v26.0.8rc2

v26.0.9rc1

v27.*

v27.0.0

v27.0.1

v27.0.1rc1

v27.0.1rc2

v27.0.2

v27.0.2rc1

v27.1.0

v27.1.0beta2

v27.1.0beta3

v27.1.0rc1

v27.1.0rc2

v27.1.0rc3

v27.1.0rc4

v27.1.1

v27.1.2

v27.1.2rc1

v27.1.3

v27.1.3rc1

v27.1.3rc2

v27.1.4rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49791.json"