Lucene search

CVE-2023-25162

🗓️ 13 Feb 2023 21:15:15Reported by GitHub_MType

Nextcloud Server SSRF vulnerability in versions prior to 24.0.8 and 23.0.12 allows bypassing IP filters and gaining access to crucial metadata

Reporter	Title	Published	Views	Family All 7
Nextcloud	SSRF via filter bypass due to lax checking on IPs	13 Feb 202313:48	–	nextcloud
Cvelist	CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs	13 Feb 202320:34	–	cvelist
OSV	CVE-2023-25162	13 Feb 202321:15	–	osv
NVD	CVE-2023-25162	13 Feb 202321:15	–	nvd
Prion	Server side request forgery (ssrf)	13 Feb 202321:15	–	prion
Vulnrichment	CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs	13 Feb 202320:34	–	vulnrichment
OpenVAS	Nextcloud Server < 23.0.12, 24.x < 24.0.8 SSRF Vulnerability (GHSA-mqrx-grp7-244m)	15 Feb 202300:00	–	openvas

Nvd

Vulners

Node

nextcloud nextcloud_serverRange<23.0.12

nextcloud nextcloud_serverRange24.0.0–24.0.8

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": "< 23.0.12",
        "status": "affected"
      },
      {
        "version": ">= 24.0.0, < 24.0.8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m
github	www.github.com/nextcloud/server/pull/34160
hackerone	www.hackerone.com/reports/1702864

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Feb 2023 21:15Current

5.3Medium risk

Vulners AI Score5.3

CVSS35.3

EPSS0.00081

SSVC

CWE-918