Nextcloud GHSA-64XC-R58V-53GJ
Feb 08, 2023 - 2:35 p.m.

Document content of files can be obtained through Collabora for files of other users

2023-02-08 14:35:58
github.com
collabora
unauthorized access
nextcloud office app

CVSS3: 5.8

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS: 0.001
Percentile: 42.5%

Description

Impact

When Collabora is tricked into reusing a valid access token with the file id of another user's file, a copy of that file can be obtained without proper permission validation. Any user with access to Collabora can obtain the content of other users' files.
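The class of check that is missing here, as an added example: a simplified model that is not code from the Nextcloud Office app. All names and data (Token, TOKENS, FILE_OWNERS, can_read, the two handlers) are hypothetical and constructed. The flawed handler only confirms the token exists; the checked one also binds the token to the file it was issued for and re-validates the user's permission.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    user: str
    file_id: int  # the file this token was issued for

# Constructed sample data (hypothetical users, files and tokens).
FILE_OWNERS = {101: "alice", 202: "bob"}
FILE_CONTENT = {101: b"alice's notes", 202: b"bob's payroll"}
SHARES = set()  # (file_id, user) pairs granting read access to non-owners
TOKENS = {
    "tok-alice": Token("alice", 101),
    "tok-carol": Token("carol", 202),  # stale: carol's share was removed
}

class AccessDenied(Exception):
    pass

def can_read(user, file_id):
    """Permission check against current ownership and shares."""
    return FILE_OWNERS.get(file_id) == user or (file_id, user) in SHARES

def get_file_unchecked(access_token, file_id):
    """Flawed handler: any valid token opens any file id."""
    if access_token not in TOKENS:
        raise AccessDenied("unknown token")
    return FILE_CONTENT[file_id]

def get_file_checked(access_token, file_id):
    """Hardened handler: token must match the file, user must still have access."""
    token = TOKENS.get(access_token)
    if token is None:
        raise AccessDenied("unknown token")
    if token.file_id != file_id:
        raise AccessDenied("token was not issued for this file")
    if not can_read(token.user, file_id):
        raise AccessDenied("user lacks read permission")
    return FILE_CONTENT[file_id]

if __name__ == "__main__":
    print(get_file_unchecked("tok-alice", 202))  # leaks bob's file
    try:
        get_file_checked("tok-alice", 202)
    except AccessDenied as exc:
        print("denied:", exc)
```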

Patches

It is recommended that the Nextcloud Office App (Collabora Integration) is updated to:

7.0.2 (Nextcloud 25)
6.3.2 (Nextcloud 24)
5.0.10 (Nextcloud 23)
4.2.9 (Nextcloud 21-22)
3.8.7 (Nextcloud 15-20)

Workarounds

No workaround available

References

For more information

If you have any questions or comments about this advisory:
