PT-2023-8426 · Nextcloud+1 · Nextcloud Server+1

Nickvergessen

Publicado

2022-10-28

Atualizado

2023-04-01

CVE-2023-25817

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 24.0.0 through 24.0.8

Description The issue is related to incorrect permission assignment for files, allowing a user to escalate their permissions and delete files they were not supposed to delete, but only view or download. This can be exploited by a remote attacker to delete arbitrary files.

Recommendations For Nextcloud Server versions 24.0.0 through 24.0.8, upgrade to version 24.0.9 to address the issue. At the moment, there is no information about other workarounds for this issue.

Exploit

Correção

Incorrect Permission

Improper Preservation of Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732CWE-281

Identificadores relacionados

ALT-PU-2022-2949

ALT-PU-2023-1056

BDU:2024-00710

CVE-2023-25817

GHSA-8V5C-F752-FGPV

Produtos afetados

Alt Linux

Nextcloud Server

PT-2023-8426 · Nextcloud+1 · Nextcloud Server+1

CVE-2023-25817

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24