CVE-2023-28833

Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/server/pull/36095	Issue Tracking Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

History

07 Apr 2023, 14:40

Type	Values Removed	Values Added
First Time		Nextcloud nextcloud Server Nextcloud
CPE		cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::* cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~(MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25 -~~	(MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25 - Vendor Advisory
References	~~(MISC) https://github.com/nextcloud/server/pull/36095 -~~	(MISC) https://github.com/nextcloud/server/pull/36095 - Issue Tracking, Patch
CWE	~~CWE-22~~	CWE-434

Information

Published : 2023-03-30 19:15

Updated : 2023-04-07 14:40

NVD link : CVE-2023-28833

Mitre link : CVE-2023-28833

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/nextcloud/server/pull/36095", "name": "https://github.com/nextcloud/server/pull/36095", "tags": ["Issue Tracking", "Patch"], "refsource": "MISC"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ch7f-px7m-hg25", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-434"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-28833", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2023-03-30T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "25.0.4", "versionStartIncluding": "25.0.0"}, {"cpe23Uri": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "24.0.10", "versionStartIncluding": "24.0.0"}, {"cpe23Uri": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "24.0.10", "versionStartIncluding": "24.0.0"}, {"cpe23Uri": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "25.0.4", "versionStartIncluding": "25.0.0"}, {"cpe23Uri": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "23.0.14", "versionStartIncluding": "23.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-04-07T14:40Z"}