PT-2023-27175 · Nextcloud+1 · Nextcloud Server+1

Rullzer

Publicado

2023-08-10

Atualizado

2025-01-24

CVE-2023-39961

CVSS v3.1

3.5

Baixa

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 24.0.4 through 25.0.8 Nextcloud Server versions 26.0.0 through 26.0.3 Nextcloud Server versions 27.0.0 through 27.0.0

Description Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. When a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it.

Recommendations For Nextcloud Server versions 24.0.4 through 25.0.8, update to version 25.0.9 or later. For Nextcloud Server versions 26.0.0 through 26.0.3, update to version 26.0.4 or later. For Nextcloud Server versions 27.0.0 through 27.0.0, update to version 27.0.1 or later.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

ALT-PU-2023-7785

ALT-PU-2025-1855

CVE-2023-39961

GHSA-QHGM-W4GX-GVGP

Produtos afetados

Alt Linux

Nextcloud Server

PT-2023-27175 · Nextcloud+1 · Nextcloud Server+1

CVE-2023-39961

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8