openvas | Copyright (C) 2024 Greenbone AG | OPENVAS:1361412562310114293
History: Jan 18, 2024 - 12:00 a.m.

Nextcloud Server < 28.0.0 Improper Authorization Vulnerability (GHSA-wppc-f5g8-vx36)

2024-01-18 00:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
4
nextcloud
vulnerability
improper authorization
cve-2024-22403
remote banner
vendorfix
ghsa-wppc-f5g8-vx36

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.6%

Nextcloud Server is prone to an improper authorization
vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# CPE of the product this VT checks; the version and install location are
# taken from the detection result of gb_nextcloud_detect.nasl (see script_dependencies).
CPE = "cpe:/a:nextcloud:nextcloud_server";

# Description phase: the scanner loads the VT with `description` set, collects
# the metadata registered here and exits before the detection code below runs.
if( description )
{
  # Identity and naming
  script_oid( "1.3.6.1.4.1.25623.1.0.114293" );
  script_version( "2024-01-29T05:05:18+0000" );
  script_name( "Nextcloud Server < 28.0.0 Improper Authorization Vulnerability (GHSA-wppc-f5g8-vx36)" );
  script_category( ACT_GATHER_INFO );
  script_family( "Web application abuses" );
  script_copyright( "Copyright (C) 2024 Greenbone AG" );

  # Timestamps
  script_tag( name:"creation_date", value:"2024-01-18 13:56:29 +0000 (Thu, 18 Jan 2024)" );
  script_tag( name:"last_modification", value:"2024-01-29 05:05:18 +0000 (Mon, 29 Jan 2024)" );

  # Severity (CVSSv2 base plus the CVSSv3.1 vector taken from NVD)
  script_tag( name:"cvss_base", value:"2.6" );
  script_tag( name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:P/A:N" );
  script_tag( name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" );
  script_tag( name:"severity_origin", value:"NVD" );
  script_tag( name:"severity_date", value:"2024-01-26 21:03:00 +0000 (Fri, 26 Jan 2024)" );
  script_cve_id( "CVE-2024-22403" );

  # Detection quality: the verdict rests on the version string reported by the
  # detection VT, not on an active probe of the flaw itself.
  script_tag( name:"qod_type", value:"remote_banner" );
  script_tag( name:"solution_type", value:"VendorFix" );

  # Prerequisites: the product must already have been detected on the host.
  script_dependencies( "gb_nextcloud_detect.nasl" );
  script_mandatory_keys( "nextcloud/installed" );

  # Human-readable report texts
  script_tag( name:"summary", value:"Nextcloud Server is prone to an improper authorization
  vulnerability." );

  script_tag( name:"vuldetect", value:"Checks if a vulnerable version is present on the target host." );

  script_tag( name:"insight", value:"When an attacker would get access to an authorization code they
  could authenticate at any time using the code. Now they are invalidated after 10 minutes and will
  no longer be authenticated." );

  script_tag( name:"affected", value:"Nextcloud Server versions prior to 28.0.0" );

  script_tag( name:"solution", value:"Update to version 28.0.0 or later.

  Note: The vendor doesn't plan to fix this flaw in older (supported) server versions like 26 or 27.
  Please see the references for more information." );

  # References
  script_xref( name:"URL", value:"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wppc-f5g8-vx36" );
  script_xref( name:"URL", value:"https://github.com/nextcloud/server/pull/40766" );
  script_xref( name:"URL", value:"https://github.com/nextcloud/security-advisories/discussions/32" );

  exit( 0 );
}

include( "host_details.inc" );
include( "version_func.inc" );

# Detection phase: compare the version recorded by gb_nextcloud_detect.nasl
# against the fixed release and report when it is older.
port = get_app_port( cpe: CPE );
if( ! port )
  exit( 0 );

# exit_no_version: TRUE makes the helper end the script itself when the
# detection VT found the product but could not determine a version.
infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE );
if( ! infos )
  exit( 0 );

installed = infos["version"];
path = infos["location"];

# Every release before 28.0.0 is reported, which deliberately includes the
# 26.x and 27.x branches that the solution text says the vendor will not patch.
if( ! version_is_less( version: installed, test_version: "28.0.0" ) )
  exit( 99 );

report = report_fixed_ver( installed_version: installed, fixed_version: "28.0.0", install_path: path );
security_message( port: port, data: report );
exit( 0 );
