Multiple vulnerabilities in Nextcloud Server and Enterprise Server

Published: 2023-06-23
Risk: High
Patch available: Yes
Number of vulnerabilities: 5
CVE-ID: CVE-2023-35171, CVE-2023-35927, CVE-2023-35172, CVE-2023-35928, CVE-2023-32320
CWE-ID: CWE-601, CWE-284, CWE-307, CWE-256
Exploitation vector: Network
Public exploit: N/A

Vulnerable software:
Nextcloud Server (Client/Desktop applications / Messaging software)
Nextcloud Enterprise Server (Client/Desktop applications / Messaging software)

Vendor: Nextcloud

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Open redirect

EUVDB-ID: #VU77659

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35171

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in the "Unsupported browser" warning page. A remote user can craft a link that points to the trusted Nextcloud site but, when clicked, redirects the victim to an arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
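The defensive check that prevents this class of bug is to validate the redirect target before emitting the Location header. The following is an added example written for this bulletin; it is not Nextcloud's code and not the fix referenced in the linked advisory. It assumes a hypothetical trusted origin `https://cloud.example.org` and a caller that passes the user-supplied `redirect_url` parameter through `safe_redirect_target`. The naive `startswith("/")` check is shown beside the hardened version to make the scheme-relative `//host` bypass visible.

```python
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Hypothetical origin of the trusted instance (constructed for this example).
TRUSTED_ORIGIN = "https://cloud.example.org"
DEFAULT_TARGET = "/"


def naive_is_local_redirect(target: str) -> bool:
    """Weak check: accepts '//evil.example/...' because it starts with '/'."""
    return target.startswith("/")


def is_local_redirect(target: str) -> bool:
    """Return True only if `target` stays on TRUSTED_ORIGIN.

    Rejects absolute URLs to other hosts, scheme-relative URLs (//host),
    backslash and control-character tricks, and pseudo-schemes such as
    javascript:.
    """
    if not target or any(ch in target for ch in "\\\r\n\t\x00"):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # An absolute URL is only acceptable if scheme and host match exactly.
        trusted = urlsplit(TRUSTED_ORIGIN)
        return (parts.scheme, parts.netloc) == (trusted.scheme, trusted.netloc)
    # A relative target must be an absolute path ('/x'), never '//x' or 'x'.
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_target(requested: Optional[str]) -> str:
    """Resolve the Location value: the requested path if local, else the default."""
    if requested is not None and is_local_redirect(requested):
        return urljoin(TRUSTED_ORIGIN, requested)
    return urljoin(TRUSTED_ORIGIN, DEFAULT_TARGET)


if __name__ == "__main__":
    for candidate in ("/apps/files", "//evil.example/login", "https://evil.example/"):
        print(candidate, "->", safe_redirect_target(candidate))
```

The key design choice is the allow-list: anything with its own scheme or host is compared against the one trusted origin, and everything else must be a plain absolute path. Falling back to a fixed default rather than raising keeps the user flow working while removing the attacker's control over the destination.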

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nextcloud Server: 26.0.0 - 26.0.1

Nextcloud Enterprise Server: 26.0.0 - 26.0.1

External links

http://github.com/nextcloud/security-advisories/security/advisories/GHSA-h353-vvwv-j2r4


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU77663

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35927

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions when two servers are registered as trusted servers for each other and have successfully exchanged the shared secrets. A remote user on one server can modify or delete vCards in the system address book on the origin server.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nextcloud Enterprise Server: 16.0.0 - 26.0.1

Nextcloud Server: 25.0.0 - 26.0.1

External links

http://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU77662

Risk: High

CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35172

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing brute-force protection on the password reset endpoint. A remote attacker can brute-force password reset links.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nextcloud Enterprise Server: 21.0.0 - 26.0.1

Nextcloud Server: 25.0.0 - 26.0.1

External links

http://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Unprotected storage of credentials

EUVDB-ID: #VU77661

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35928

CWE-ID: CWE-256 - Unprotected Storage of Credentials

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to other users' credentials.

The vulnerability exists because user-scoped external storage can be used to gather the credentials of other users. A remote administrator can obtain another user's login credentials and take over their account.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nextcloud Enterprise Server: 19.0.0 - 26.0.1

Nextcloud Server: 25.0.0 - 26.0.1

External links

http://github.com/nextcloud/security-advisories/security/advisories/GHSA-637g-xp2c-qh5h


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU77660

Risk: High

CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32320

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing brute-force protection. A remote attacker can brute-force authentication on the system.
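Items 3 and 5 are the same defect on two endpoints: a secret (a password reset token, a password) can be guessed without limit. The following is an added example written for this bulletin, not Nextcloud's own brute-force protection and not the fix from the linked pull request. It shows the shape of a server-side mitigation: a sliding-window failure counter keyed by client and action, consulted before the secret is compared, plus a constant-time comparison. The throttle's parameters, the `203.0.113.7` client address and the sample token store are all constructed for the example.

```python
import hmac
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List, Optional, Tuple


class BruteForceThrottle:
    """Sliding-window failure counter keyed by (client, action).

    Illustrative limiter, not Nextcloud code. Each failed check for a
    client/action pair is remembered for `window_seconds`; once
    `max_failures` sit inside the window the pair is blocked until
    old failures age out.
    """

    def __init__(self, max_failures: int = 5, window_seconds: int = 900,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock  # injectable so tests can advance time deterministically
        self._failures: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)

    def _recent(self, key: Tuple[str, str], now: float) -> Deque[float]:
        """Drop failures older than the window and return what remains."""
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def is_blocked(self, client: str, action: str) -> bool:
        return len(self._recent((client, action), self.clock())) >= self.max_failures

    def record_failure(self, client: str, action: str) -> None:
        now = self.clock()
        self._recent((client, action), now).append(now)

    def clear(self, client: str, action: str) -> None:
        self._failures.pop((client, action), None)


def guarded_compare(throttle: BruteForceThrottle, client: str, action: str,
                    expected: Optional[str], presented: str) -> str:
    """Check a secret (reset token, password, ...) behind the throttle.

    Returns "blocked" (no comparison performed), "invalid" or "ok". The
    throttle is consulted before the secret is compared, so a blocked
    client learns nothing even when it finally presents the right value.
    """
    if throttle.is_blocked(client, action):
        return "blocked"
    # Unknown users get an empty expected value and fail like any other guess;
    # compare_digest keeps the comparison constant-time so no prefix leaks.
    expected = expected or ""
    matched = hmac.compare_digest(expected.encode(), presented.encode())
    if matched and expected:
        throttle.clear(client, action)
        return "ok"
    throttle.record_failure(client, action)
    return "invalid"


# Constructed sample store: a hypothetical user and the reset token issued to her.
SAMPLE_RESET_TOKENS = {"alice": "constructed-reset-token-not-a-real-value"}


def demo() -> List[str]:
    """Replay a guessing run against the sample store on a controllable clock."""
    clock = [0.0]
    throttle = BruteForceThrottle(max_failures=3, window_seconds=60,
                                  clock=lambda: clock[0])
    expected = SAMPLE_RESET_TOKENS.get("alice")
    results = []
    # Three wrong guesses fill the window; the fourth attempt is blocked even
    # though it carries the correct token.
    for guess in ("aaaa", "bbbb", "cccc", SAMPLE_RESET_TOKENS["alice"]):
        results.append(guarded_compare(throttle, "203.0.113.7", "password-reset",
                                       expected, guess))
    clock[0] += 61  # the window expires and the failures age out
    results.append(guarded_compare(throttle, "203.0.113.7", "password-reset",
                                   expected, SAMPLE_RESET_TOKENS["alice"]))
    return results


if __name__ == "__main__":
    print(demo())  # ['invalid', 'invalid', 'invalid', 'blocked', 'ok']
```

Keying the counter by action as well as client means a lockout on the reset endpoint does not interfere with ordinary logins from the same address, and vice versa; a production deployment would persist the counters in a shared store rather than process memory so that all web workers see the same state.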

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nextcloud Enterprise Server: 21.0.0 - 26.0.1

Nextcloud Server: 25.0.0 - 26.0.1

External links

http://github.com/nextcloud/security-advisories/security/advisories/GHSA-qphh-6xh7-vffg
http://github.com/nextcloud/server/pull/38274
http://hackerone.com/reports/1918525


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
