8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
50.5%
An admin was able to upload files with a provided file name into the appdata directory. Since admins of Nextcloud have remote code execution by default, there is no increased risk.
It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4
It is recommended that the Nextcloud Enterprise Server is upgraded to 23.0.14 or 24.0.10 or 25.0.4
If you have any questions or comments about this advisory: