CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
21.2%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3.
[
{
"vendor": "nextcloud",
"product": "security-advisories",
"versions": [
{
"status": "affected",
"version": ">= 26.0.0, < 26.0.12"
},
{
"status": "affected",
"version": ">= 27.0.0, < 27.1.7"
},
{
"status": "affected",
"version": ">= 28.0.0, < 28.0.3"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
21.2%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial