PT-2023-2471 · Nextcloud+2 · Nextcloud Server+2

Aslfvo · Published 2023-01-23 · Updated 2023-04-18 · CVE-2023-28643

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Nextcloud Server versions prior to 24.0.9
Nextcloud Server versions prior to 25.0.3

Description

The issue is related to the handling of shared resources with the same name in Nextcloud Server, particularly when a memory cache is configured. If a recipient receives two shares with the same name, the second share will replace the first one instead of being renamed to {name} (2). This can lead to a denial of service. The vulnerability can be exploited by a remote attacker to cause a collision of shared resources for recipients when caching is enabled.

Recommendations

For Nextcloud Server versions prior to 24.0.9, upgrade to version 24.0.9.
For Nextcloud Server versions prior to 25.0.3, upgrade to version 25.0.3.
As a temporary workaround for users unable to upgrade, avoid sharing two folders with the same name to the same user.

Exploit

Fix

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1116
ALT-PU-2023-1176
BDU:2023-02261
CVE-2023-28643
GHSA-HHQ4-4PR8-WM27

Affected Products

Alt Linux
Nextcloud Server
Red Os