Vulnerability Description
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | >= 24.0.4, < 24.0.7 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5Vendor Advisory
- https://github.com/nextcloud/server/pull/34502Patch
- https://hackerone.com/reports/1724016ExploitThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5Vendor Advisory
- https://github.com/nextcloud/server/pull/34502Patch
- https://hackerone.com/reports/1724016ExploitThird Party Advisory
FAQ
What is CVE-2023-25821?
CVE-2023-25821 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares ...
How severe is CVE-2023-25821?
CVE-2023-25821 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25821?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.