Vulnerability Description
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | >= 23.0.0, < 23.0.12.13 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5j2p-qVendor Advisory
- https://github.com/nextcloud/server/pull/41526Patch
- https://hackerone.com/reports/2230915Permissions Required
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5j2p-qVendor Advisory
- https://github.com/nextcloud/server/pull/41526Patch
- https://hackerone.com/reports/2230915Permissions Required
FAQ
What is CVE-2023-49792?
CVE-2023-49792 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 2...
How severe is CVE-2023-49792?
CVE-2023-49792 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49792?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.