PT-2023-22002 · Nextcloud+1 · Nextcloud Server+1

Senamaud

Publicado

2023-03-27

Atualizado

2023-04-07

CVE-2023-28844

CVSS v3.1

5.7

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud server versions prior to 24.0.10 Nextcloud server versions prior to 25.0.4

Description The issue affects Nextcloud server, an open source home cloud implementation, where users who should not have download permissions can still download an older version of a file and use it for uncontrolled distribution.

Recommendations For versions prior to 24.0.10, upgrade to version 24.0.10 or later. For versions prior to 25.0.4, upgrade to version 25.0.4 or later.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

ALT-PU-2023-1517

ALT-PU-2023-1547

CVE-2023-28844

GHSA-W47P-F66H-H2VJ

Produtos afetados

Alt Linux

Nextcloud Server

PT-2023-22002 · Nextcloud+1 · Nextcloud Server+1

CVE-2023-28844

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6