CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26482 – Scope of workflow operations is not validated in nextcloud server
https://notcve.org/view.php?id=CVE-2023-26482
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25817 – Delete permissions are not saved when creating public share in Nextcloud server
https://notcve.org/view.php?id=CVE-2023-25817
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8v5c-f752-fgpv https://github.com/nextcloud/server/pull/33941 • CWE-281: Improper Preservation of Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-25818 – Missing brute force protection on password reset token in Nextcloud Server
https://notcve.org/view.php?id=CVE-2023-25818
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit `704eb3aa` password reset attempts are now throttled. Note that 62^21 combinations would significant compute resources to brute force. None the less it is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v243-x6jc-42mp https://github.com/nextcloud/server/pull/36489 https://github.com/nextcloud/server/pull/36489/commits/704eb3aa6cecc0a646f5cca4290b595f493f9ed3 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-25820 – Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
https://notcve.org/view.php?id=CVE-2023-25820
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud Enterprise Server versions 25.0.x prior to 25.0.4, 24.0.x prior to 24.0.10, 23.0.x prior to 23.0.12.5, 22.x prior to 22.2.0.10, and 21.x prior to 21.0.9.10, when an attacker gets access to an already logged in user session they can then brute force the password on the confirmation endpoint. Nextcloud Server should upgraded to 24.0.10 or 25.0.4 and Nextcloud Enterprise Server should upgraded to 21.0.9.10, 22.2.10.10, 23.0.12.5, 24.0.10, or 25.0.4 to receive a patch. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36g6-wjx2-333x https://github.com/nextcloud/server/pull/36489 https://hackerone.com/reports/1842114 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-25821 – Nextcloud download permissions can be changed by resharer
https://notcve.org/view.php?id=CVE-2023-25821
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5qgw-4j94 https://github.com/nextcloud/server/pull/34502 https://hackerone.com/reports/1724016 • CWE-284: Improper Access Control •