CVE-2023-35927

Nextcloud system addressbooks can be modified by malicious trusted server

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again.

Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the "Administration" > "Sharing" settings `…/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-06-20 CVE Reserved
2023-06-23 CVE Published
2024-06-29 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control

CAPEC

References (2)

URL	Tag	Source
https://github.com/nextcloud/server/pull/38247	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87	2023-07-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 16.0.0 < 19.0.13.9 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 16.0.0 < 19.0.13.9"		enterprise		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 20.0.0 < 20.0.14.14 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 20.0.0 < 20.0.14.14"		enterprise		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 21.0.0 < 21.0.9.12 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 21.0.0 < 21.0.9.12"		enterprise		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 22.0.0 < 22.2.10.12 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 22.0.0 < 22.2.10.12"		enterprise		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 23.0.0 < 23.0.12.7 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 23.0.0 < 23.0.12.7"		enterprise		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 24.0.0 < 24.0.12.2 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 24.0.0 < 24.0.12.2"		enterprise		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 25.0.0 < 25.0.7 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 25.0.0 < 25.0.7"		-		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 25.0.0 < 25.0.7 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 25.0.0 < 25.0.7"		enterprise		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 26.0.0 < 26.0.2 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 26.0.0 < 26.0.2"		-		Affected
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				>= 26.0.0 < 26.0.2 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 26.0.0 < 26.0.2"		enterprise		Affected