Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2023/04/03 12:0 a.m.19 views

Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Multiple Vulnerabilities (GHSA-h3c9-cmh8-7qpj, GHSA-ch7f-px7m-hg25, GHSA-5w64-6c42-rgcv, GHSA-7w2p-rp9m-9xp9)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

9CVSS6.5AI score0.04176EPSS
Exploits3References4
Circl
Circl
added 2023/03/30 10:35 p.m.17 views

CVE-2023-26482

creationtimestamp| type| source ---|---|--- 2023-03-30 22:35:31+00:00| seen| https://t.me/cibsecurity/61195 2023-04-03 12:26:26+00:00| seen| https://www.cert.at/de/warnungen/2023/4/kritische-sicherheitslucke-in-nextcloud-und-nextcloud-enterprise-updates-verfugbar 2023-04-05 22:05:51+00:00|...

9CVSS7.3AI score0.04176EPSS
Exploits2References6
Cvelist
Cvelist
added 2023/03/30 6:27 p.m.29 views

CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...

9CVSS9.2AI score0.04176EPSS
Exploits2References2
CVE
CVE
added 2023/03/30 6:27 p.m.179 views

CVE-2023-26482

CVE-2023-26482 affects Nextcloud Server (24.x prior to 24.0.10 and 25.x prior to 25.0.4 in several sources). The issue is a missing scope validation for Workflow operations, allowing creation of workflows intended for admins to be usable by non-admin contexts and, in combination with certain apps...

9CVSS8.6AI score0.04176EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder