PT-2023-19940 · Nextcloud · Nextcloud Office
Juliushaertl · Published 2023-02-08 · Updated 2023-02-16 · CVE-2023-25150
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Office versions prior to 7.0.2
Nextcloud Office versions prior to 6.3.2
Nextcloud Office versions prior to 5.0.10
Nextcloud Office versions prior to 4.2.9
Nextcloud Office versions prior to 3.8.7
Description
The Collabora integration in Nextcloud Office can be tricked into providing access to any file without proper permission validation, allowing any user with access to Collabora to obtain the content of other users' files.
Recommendations
Update the Nextcloud Office App (Collabora Integration) to version 7.0.2 for Nextcloud 25.
Update the Nextcloud Office App (Collabora Integration) to version 6.3.2 for Nextcloud 24.
Update the Nextcloud Office App (Collabora Integration) to version 5.0.10 for Nextcloud 23.
Update the Nextcloud Office App (Collabora Integration) to version 4.2.9 for Nextcloud 21-22.
Update the Nextcloud Office App (Collabora Integration) to version 3.8.7 for Nextcloud 15-20.
Incorrect Permission
Improper Access Control
Affected Products
Nextcloud Office