Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-28833
HistoryMar 30, 2023 - 7:15 p.m.

CVE-2023-28833

2023-03-3019:15:06
Google
osv.dev
4
nextcloud
server
logo
upload
vulnerability
fix
available
admin
file
overwrite

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON

Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources.

Related

cve 1
nvd 1
nextcloud 1
cvelist 1
hackerone 1
prion 1
openvas 1
redos 1
cve
cve
CVE-2023-28833
2023-03-30 19:15:06
nvd
nvd
CVE-2023-28833
2023-03-30 19:15:06
nextcloud
nextcloud
Ability to control the filename when uploading a logo or favicon as admin in the theming settings
2023-03-30 08:23:26
cvelist
cvelist
CVE-2023-28833 Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
2023-03-30 18:49:38
hackerone
hackerone
Nextcloud: Ability to control the filename when uploading a logo or favicon on theming
2022-11-22 20:46:30
prion
prion
Design/Logic Flaw
2023-03-30 19:15:00
openvas
openvas
Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Multiple Vulnerabilities (GHSA-h3c9-cmh8-7qpj, GHSA-ch7f-px7m-hg25, GHSA-5w64-6c42-rgcv, GHSA-7w2p-rp9m-9xp9)
2023-04-03 00:00:00
redos
redos
ROS-20230418-01
2023-04-18 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON
Related for OSV:CVE-2023-28833
cve1nvd1nextcloud1cvelist1hackerone1prion1openvas1redos1