PT-2023-19940 · Nextcloud · Nextcloud Office
Juliushaertl · Published 2023-02-08 · Updated 2023-02-16 · CVE-2023-25150
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Office versions prior to 7.0.2
Nextcloud Office versions prior to 6.3.2
Nextcloud Office versions prior to 5.0.10
Nextcloud Office versions prior to 4.2.9
Nextcloud Office versions prior to 3.8.7
Description
The Collabora integration in Nextcloud Office can be tricked into providing access to any file without proper permission validation, allowing any user with access to Collabora to obtain the content of other users' files.
Recommendations
Update the Nextcloud Office App (Collabora Integration) to version 7.0.2 for Nextcloud 25.
Update the Nextcloud Office App (Collabora Integration) to version 6.3.2 for Nextcloud 24.
Update the Nextcloud Office App (Collabora Integration) to version 5.0.10 for Nextcloud 23.
Update the Nextcloud Office App (Collabora Integration) to version 4.2.9 for Nextcloud 21-22.
Update the Nextcloud Office App (Collabora Integration) to version 3.8.7 for Nextcloud 15-20.
Exploit
Fix
Incorrect Permission
Improper Access Control
Related identifiers
Affected products
Nextcloud Office