PT-2023-8426 · Nextcloud+1 · Nextcloud Server+1

Nickvergessen · Published 2022-10-28 · Updated 2023-04-01 · CVE-2023-25817

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Nextcloud Server versions 24.0.0 through 24.0.8

Description

The issue is related to incorrect permission assignment for files, which allows a user to escalate their permissions and delete files that they were only supposed to be able to view or download. This can be exploited by a remote attacker to delete arbitrary files.

Recommendations

For Nextcloud Server versions 24.0.0 through 24.0.8, upgrade to version 24.0.9 to address the issue. At the moment, there is no information about other workarounds for this issue.

Exploit

Fix

Incorrect Permission

Improper Preservation of Permissions


Weakness Enumeration

Related Identifiers

ALT-PU-2022-2949
ALT-PU-2023-1056
BDU:2024-00710
CVE-2023-25817
GHSA-8V5C-F752-FGPV

Affected Products

Alt Linux
Nextcloud Server