Overview
- Description
- Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9AFD20D-B0C0-41EF-8691-FAED764B6373",
"versionEndExcluding": "23.0.9"
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3AFFCA7-2B0A-49B1-B625-4A7F032587B4",
"versionEndExcluding": "24.0.5",
"versionStartIncluding": "24.0.0"
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06F3A940-4479-48B2-973A-CB9DEAE3F3FE",
"versionEndExcluding": "23.0.9"
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD8E7E4F-3467-4124-9FBC-26C72C75BC33",
"versionEndExcluding": "24.0.5",
"versionStartIncluding": "24.0.0"
}
],
"operator": "OR"
}
]
}
]