CVE-2023-32318 — HIGH (7.2)

Q: How severe is CVE-2023-32318?

CVE-2023-32318 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-32318?

Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.

Vulnerability Description

Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Nextcloud	Nextcloud Server	>= 25.0.2, < 25.0.6

Related Weaknesses (CWE)

CWE-613

References

FAQ

What is CVE-2023-32318?

CVE-2023-32318 is a vulnerability with a CVSS score of 7.2 (HIGH). Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies ...

How severe is CVE-2023-32318?

CVE-2023-32318 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-32318?

Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.