Nextcloud Server Security Vulnerabilities and Issues — Nextcloud Server CVE List

Lucene search

NextcloudNextcloud Server

9 matches found

CVE•added 2023/03/30 7:15 p.m.•106 views

CVE-2023-26482

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, i...

9CVSS8.6AI score0.65511EPSS

CVE•added 2023/03/27 9:15 p.m.•88 views

CVE-2023-25817

Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextclo...

8.1CVSS5.9AI score0.00099EPSS

CVE•added 2023/03/27 8:15 p.m.•69 views

CVE-2023-25818

Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note th...

7.1CVSS6AI score0.0031EPSS

CVE•added 2023/03/30 7:15 p.m.•61 views

CVE-2023-28835

Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force it...

7.5CVSS5.5AI score0.00223EPSS

CVE•added 2023/03/22 7:15 p.m.•59 views

CVE-2023-25820

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud Enter...

7.8CVSS5.8AI score0.00129EPSS

CVE•added 2023/03/30 7:15 p.m.•57 views

CVE-2023-28644

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgrade...

7.5CVSS6.3AI score0.00606EPSS

CVE•added 2023/03/30 7:15 p.m.•54 views

CVE-2023-28833

Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these fi...

8.8CVSS6.1AI score0.00152EPSS

CVE•added 2023/03/31 11:15 p.m.•53 views

CVE-2023-28844

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgr...

6.5CVSS5.8AI score0.00275EPSS

CVE•added 2023/03/30 7:15 p.m.•49 views

CVE-2023-28643

Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to {name} (2). It is recommended that the Nextcloud Serv...

8.8CVSS6.8AI score0.00556EPSS