PT-2023-6441 · Nextcloud+2 · Nextcloud+2
Rullzer
·
Published
2023-10-16
·
Updated
2025-01-24
·
CVE-2023-45151
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Nextcloud versions prior to 25.0.8
Nextcloud versions prior to 26.0.3
Nextcloud versions prior to 27.0.1
Description
The issue is related to the storage of OAuth2 tokens in plaintext in Nextcloud, allowing an attacker who has gained access to the server to potentially elevate their privilege.
Recommendations
For versions prior to 25.0.8, upgrade to version 25.0.8 or later.
For versions prior to 26.0.3, upgrade to version 26.0.3 or later.
For versions prior to 27.0.1, upgrade to version 27.0.1 or later.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Nextcloud
Red Os