CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:26

Type Values Removed Values Added
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 - Vendor Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 - Vendor Advisory
References () https://github.com/nextcloud/server/pull/38398 - Issue Tracking, Patch () https://github.com/nextcloud/server/pull/38398 - Issue Tracking, Patch
References () https://hackerone.com/reports/1994324 - Permissions Required () https://hackerone.com/reports/1994324 - Permissions Required
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 6.5

20 Oct 2023, 12:18

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
First Time Nextcloud
Nextcloud nextcloud Server
References (MISC) https://github.com/nextcloud/server/pull/38398 - (MISC) https://github.com/nextcloud/server/pull/38398 - Issue Tracking, Patch
References (MISC) https://hackerone.com/reports/1994324 - (MISC) https://hackerone.com/reports/1994324 - Permissions Required
References (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 - (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 - Vendor Advisory

16 Oct 2023, 19:24

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-16 19:15

Updated : 2024-11-21 08:26


NVD link : CVE-2023-45151

Mitre link : CVE-2023-45151

CVE.ORG link : CVE-2023-45151


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-312

Cleartext Storage of Sensitive Information