Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310127777HistoryJun 18, 2024 - 12:00 a.m.
Nextcloud Server < 23.0.12.16, 24.x < 24.0.12.12, 25.x < 25.0.13.16 26.x < 26.0.12, 27.x < 27.1.7, 28.x < 28.0.3 Improper Access Control Vulnerability (GHSA-5mq8-738w-5942)
2024-06-1800:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
2
nextcloud server
access control
vulnerability
version 25.0.13.16
security advisory
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Nextcloud Server is prone to an improper access control
vulnerability.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:nextcloud:nextcloud_server";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.127777");
script_version("2024-06-20T05:05:33+0000");
script_tag(name:"last_modification", value:"2024-06-20 05:05:33 +0000 (Thu, 20 Jun 2024)");
script_tag(name:"creation_date", value:"2024-06-18 09:56:29 +0000 (Tue, 18 Jun 2024)");
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:P/A:N");
script_cve_id("CVE-2024-37315");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Nextcloud Server < 23.0.12.16, 24.x < 24.0.12.12, 25.x < 25.0.13.16 26.x < 26.0.12, 27.x < 27.1.7, 28.x < 28.0.3 Improper Access Control Vulnerability (GHSA-5mq8-738w-5942)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_nextcloud_detect.nasl");
script_mandatory_keys("nextcloud/installed");
script_tag(name:"summary", value:"Nextcloud Server is prone to an improper access control
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"impact", value:"An attacker with read-only access to a file is able to restore
older versions of a document when the files_versions app is enabled.");
script_tag(name:"affected", value:"Nextcloud Server versions prior to 23.0.12.16, 24.x prior to
24.0.12.12, 25.x prior to 25.0.13.16, 26.x prior to 26.0.12, 27.x prior to 27.1.7 and 28.x prior
to 28.0.3.");
script_tag(name:"solution", value:"Update to version 23.0.12.16, 24.0.12.12, 25.0.13.16, 26.0.12,
27.1.7, 28.0.3 or later.");
script_xref(name:"URL", value:"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5mq8-738w-5942");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "23.0.12.16")) {
report = report_fixed_ver(installed_version: version, fixed_version: "23.0.12.16 (Nextcloud Enterprise only)", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "24.0.0", test_version_up: "24.0.12.12")) {
report = report_fixed_ver(installed_version: version, fixed_version: "24.0.12.12 (Nextcloud Enterprise only)", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "25.0.0", test_version_up: "25.0.13.16")) {
report = report_fixed_ver(installed_version: version, fixed_version: "25.0.13.16 (Nextcloud Enterprise only)", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "26.0.0", test_version_up: "26.0.12")) {
report = report_fixed_ver(installed_version: version, fixed_version: "26.0.12", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "27.0.0", test_version_up: "27.1.7")) {
report = report_fixed_ver(installed_version: version, fixed_version: "27.1.7", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "28.0.0", test_version_up: "28.0.3")) {
report = report_fixed_ver(installed_version: version, fixed_version: "28.0.3", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Related
cvelist
cvelist
CVE-2024-37315 Nextcloud Server's read-only users can restore old versions
2024-06-14 15:08:54
nextcloud
nextcloud
Read-only users can restore old versions
2024-06-14 14:29:54
nvd
nvd
CVE-2024-37315
2024-06-14 16:15:11
hackerone
hackerone
Nextcloud: Read-only users can restore old versions
2021-10-01 15:42:06
cve
cve
CVE-2024-37315
2024-06-14 16:15:11
vulnrichment
vulnrichment
CVE-2024-37315 Nextcloud Server's read-only users can restore old versions
2024-06-14 15:08:54
redos
redos
ROS-20240627-06
2024-06-27 00:00:00
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Related for OPENVAS:1361412562310127777