PT-2023-22002 · Nextcloud+1 · Nextcloud Server+1

Senamaud

Published

2023-03-27

Updated

2023-04-07

CVE-2023-28844

CVSS v3.1

5.7

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud server versions prior to 24.0.10 Nextcloud server versions prior to 25.0.4

Description The issue affects Nextcloud server, an open source home cloud implementation, where users who should not have download permissions can still download an older version of a file and use it for uncontrolled distribution.

Recommendations For versions prior to 24.0.10, upgrade to version 24.0.10 or later. For versions prior to 25.0.4, upgrade to version 25.0.4 or later.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALT-PU-2023-1517

ALT-PU-2023-1547

CVE-2023-28844

GHSA-W47P-F66H-H2VJ

Affected Products

Alt Linux

Nextcloud Server

PT-2023-22002 · Nextcloud+1 · Nextcloud Server+1

CVE-2023-28844

Weakness Enumeration

Related Identifiers

Affected Products

References · 6