Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-25150
HistoryFeb 08, 2023 - 8:15 p.m.

CVE-2023-25150

2023-02-0820:15:24
CWE-732
CWE-284
[email protected]
web.nvd.nist.gov
nextcloud
richdocuments
collabora
unauthorized access
files
update
cve-2023-25150

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

42.2%

JSON

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.

Affected configurations

NVD
Node
nextcloudrichdocumentsRange<3.8.7
OR
nextcloudrichdocumentsRange4.0.04.2.9
OR
nextcloudrichdocumentsRange5.0.05.0.10
OR
nextcloudrichdocumentsRange6.0.06.3.2
OR
nextcloudrichdocumentsRange7.0.07.0.2

Related

osv 1
cvelist 1
prion 1
hackerone 1
cve 1
nextcloud 1
osv
osv
CVE-2023-25150
2023-02-08 20:15:24
cvelist
cvelist
CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users
2023-02-08 19:15:47
prion
prion
Design/Logic Flaw
2023-02-08 20:15:00
hackerone
hackerone
Nextcloud: Document content of files can be obtained through Collabora for files of other users
2022-11-29 14:19:10
cve
cve
CVE-2023-25150
2023-02-08 20:15:24
nextcloud
nextcloud
Document content of files can be obtained through Collabora for files of other users
2023-02-08 14:35:58

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

42.2%

JSON
Related for NVD:CVE-2023-25150
osv1cvelist1prion1hackerone1cve1nextcloud1