Nextcloud Server@27.0.0 Security Vulnerabilities and Issues — Nextcloud Server@27.0.0 CVE List

Lucene search

NextcloudNextcloud Server27.0.0

8 matches found

CVE•added 2023/08/10 6:15 p.m.•159 views

CVE-2023-39963

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully stealing...

8.1CVSS7.7AI score0.00137EPSS

CVE•added 2023/10/16 7:15 p.m.•82 views

CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Next...

8.8CVSS7.4AI score0.0063EPSS

CVE•added 2023/08/10 6:15 p.m.•76 views

CVE-2023-39962

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storag...

7.7CVSS7.4AI score0.00239EPSS

CVE•added 2023/10/16 7:15 p.m.•72 views

CVE-2023-45148

Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade...

4.3CVSS4.4AI score0.00177EPSS

CVE•added 2023/08/10 2:15 p.m.•60 views

CVE-2023-39952

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permis...

6.5CVSS6.3AI score0.00234EPSS

CVE•added 2023/08/10 6:15 p.m.•57 views

CVE-2023-39959

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for t...

5.3CVSS4.5AI score0.0066EPSS

CVE•added 2023/08/10 6:15 p.m.•57 views

CVE-2023-39961

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and d...

4.3CVSS4.1AI score0.00252EPSS

CVE•added 2023/08/10 6:15 p.m.•52 views

CVE-2023-39958

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. N...

5.8CVSS5.2AI score0.00353EPSS