Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 | Vendor Advisory |
https://github.com/nextcloud/server/pull/38398 | Issue Tracking Patch |
https://hackerone.com/reports/1994324 | Permissions Required |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 | Vendor Advisory |
https://github.com/nextcloud/server/pull/38398 | Issue Tracking Patch |
https://hackerone.com/reports/1994324 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 - Vendor Advisory | |
References | () https://github.com/nextcloud/server/pull/38398 - Issue Tracking, Patch | |
References | () https://hackerone.com/reports/1994324 - Permissions Required | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
20 Oct 2023, 12:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* |
|
First Time |
Nextcloud
Nextcloud nextcloud Server |
|
References | (MISC) https://github.com/nextcloud/server/pull/38398 - Issue Tracking, Patch | |
References | (MISC) https://hackerone.com/reports/1994324 - Permissions Required | |
References | (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 - Vendor Advisory |
16 Oct 2023, 19:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 19:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45151
Mitre link : CVE-2023-45151
CVE.ORG link : CVE-2023-45151
JSON object : View
Products Affected
nextcloud
- nextcloud_server
CWE
CWE-312
Cleartext Storage of Sensitive Information