Multiple vulnerabilities in Nextcloud Server and Enterprise Server



Published: 2023-12-19
Risk: Medium
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2023-49791, CVE-2023-49792
CWE-ID: CWE-284, CWE-307
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Nextcloud Enterprise Server (Client/Desktop applications / Messaging software); Nextcloud Server (Client/Desktop applications / Messaging software)
Vendor: Nextcloud

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU84547

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49791

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because workflows do not require password confirmation at the API level. A remote user can bypass the implemented security restrictions and delete or modify workflows.
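The control described above, re-entering the password before a sensitive operation is carried out even though the session is already authenticated, is shown below as an added example. This is hypothetical code written for this bulletin, not Nextcloud's implementation; the 30-minute confirmation window, the `Session` shape and the handler names are assumptions. The unprotected handler only checks that the session is authenticated; the hardened one additionally refuses the call unless a recent password confirmation is recorded.

```python
"""Password-confirmation gate for state-changing API calls (added example).

Hypothetical code, not Nextcloud's own. The weak handler trusts any
authenticated session; the hardened handler also requires that the user
re-entered their password within CONFIRMATION_WINDOW_SECONDS.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional
import time

CONFIRMATION_WINDOW_SECONDS = 30 * 60  # assumed policy: re-auth stays valid 30 min


class Unauthenticated(Exception):
    """Session has no logged-in user."""


class PasswordConfirmationRequired(Exception):
    """Session is authenticated, but the password was not confirmed recently."""


@dataclass
class Session:
    user: str
    authenticated: bool = True
    password_confirmed_at: Optional[float] = None
    # Constructed sample data: workflow id -> description
    workflows: Dict[str, str] = field(default_factory=lambda: {"wf-1": "tag on upload"})


def confirm_password(session: Session, supplied: str,
                     verify: Callable[[str, str], bool], now: Optional[float] = None) -> bool:
    """Record a successful re-authentication; `verify` is the real credential check."""
    now = time.time() if now is None else now
    if verify(session.user, supplied):
        session.password_confirmed_at = now
        return True
    return False


def require_password_confirmation(session: Session, now: Optional[float] = None) -> None:
    """Raise unless the session is authenticated AND recently re-confirmed."""
    now = time.time() if now is None else now
    if not session.authenticated:
        raise Unauthenticated()
    ts = session.password_confirmed_at
    if ts is None or now - ts > CONFIRMATION_WINDOW_SECONDS:
        raise PasswordConfirmationRequired()


def delete_workflow_unprotected(session: Session, workflow_id: str) -> bool:
    """Weak form: any authenticated session may delete, no re-auth demanded."""
    if not session.authenticated:
        raise Unauthenticated()
    return session.workflows.pop(workflow_id, None) is not None


def delete_workflow(session: Session, workflow_id: str, now: Optional[float] = None) -> bool:
    """Hardened form: the same operation behind the confirmation gate."""
    require_password_confirmation(session, now)
    return session.workflows.pop(workflow_id, None) is not None


if __name__ == "__main__":
    # Constructed verifier: the only accepted password is "correct horse".
    check = lambda user, pw: pw == "correct horse"
    s = Session(user="alice")
    try:
        delete_workflow(s, "wf-1", now=1000.0)
    except PasswordConfirmationRequired:
        print("refused: password confirmation required")
    confirm_password(s, "correct horse", check, now=1000.0)
    print("deleted after confirmation:", delete_workflow(s, "wf-1", now=1010.0))
```

The gate is deliberately separate from the login check: an authenticated session proves who opened it, while the confirmation timestamp proves that the person at the keyboard still holds the password right now, which is what stops a hijacked or long-lived session from silently rewriting workflows.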

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Nextcloud Enterprise Server: 23.0.0 - 27.1.3

Nextcloud Server: 26.0.0 - 27.1.3

External links

http://github.com/nextcloud/security-advisories/security/advisories/GHSA-3f8p-6qww-2prr


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU84543

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49792

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper restriction of excessive authentication attempts when a misconfigured proxy is in use. A remote attacker can perform a brute-force attack on the system.
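The bulletin attributes the weakness to a misconfigured proxy without spelling out the mechanism. The added example below illustrates the usual way that class of problem arises, as an assumption about the class rather than a statement about Nextcloud's code: if a server derives the client address from a forwarded-for header that it accepts from any peer, a client connecting directly can present a fresh address on every request and the per-address attempt counter never fills up. Resolving the address from the header only when the direct peer is a configured trusted proxy, and otherwise using the peer address itself, restores the throttle. The code is written for this page (not the project's own); the limits, addresses and header layout are constructed.

```python
"""Login throttling keyed on a correctly resolved client address (added example).

Hypothetical code, not Nextcloud's own. Shows a naive resolver that trusts
X-Forwarded-For from any peer (throttle is defeated by rotating the header)
beside a hardened resolver that only honours the header behind a trusted proxy.
"""
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Iterable, Optional
import ipaddress

MAX_ATTEMPTS = 5        # assumed policy: 5 failures ...
WINDOW_SECONDS = 300    # ... within 5 minutes blocks the address


def _is_trusted(ip: str, trusted_networks) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted_networks)


def resolve_client_ip_naive(peer_ip: str, x_forwarded_for: Optional[str],
                            trusted_proxies: Iterable[str]) -> str:
    """Weak form: believes the header no matter who sent it."""
    if x_forwarded_for:
        return x_forwarded_for.split(",")[0].strip()
    return peer_ip


def resolve_client_ip(peer_ip: str, x_forwarded_for: Optional[str],
                      trusted_proxies: Iterable[str]) -> str:
    """Hardened form: honour X-Forwarded-For only from a trusted proxy.

    Walk the hops right to left (the rightmost were appended by our proxies),
    skip trusted proxy addresses, and take the first address we did not add.
    Any malformed hop falls back to the peer address.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]
    if not x_forwarded_for or not _is_trusted(peer_ip, nets):
        return peer_ip
    hops = [h.strip() for h in x_forwarded_for.split(",")]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip
        if not _is_trusted(hop, nets):
            return hop
    return peer_ip  # every hop was one of our proxies; nothing else to trust


class LoginThrottle:
    """Sliding-window failure counter per resolved client address."""

    def __init__(self, max_attempts: int = MAX_ATTEMPTS, window: float = WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)

    def _prune(self, key: str, now: float) -> None:
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_blocked(self, key: str, now: float) -> bool:
        self._prune(key, now)
        return len(self._failures[key]) >= self.max_attempts

    def record_failure(self, key: str, now: float) -> None:
        self._prune(key, now)
        self._failures[key].append(now)


def simulate_rotating_header(resolver: Callable[[str, Optional[str], Iterable[str]], str],
                             trusted_proxies: Iterable[str], attempts: int = 6) -> bool:
    """Constructed scenario: one direct peer (203.0.113.10, not a trusted proxy)
    sends `attempts` bad logins, each with a different X-Forwarded-For value.
    Returns True if the final attempt is refused before the password is checked."""
    throttle = LoginThrottle()
    peer = "203.0.113.10"
    for i in range(attempts):
        now = float(i)
        key = resolver(peer, f"198.51.100.{i + 1}", trusted_proxies)
        if throttle.is_blocked(key, now):
            return True
        throttle.record_failure(key, now)  # every attempt uses a wrong password
    return False


if __name__ == "__main__":
    trusted = ["10.0.0.0/8"]  # constructed: the reverse proxy lives here
    print("naive resolver blocks rotating client:", simulate_rotating_header(resolve_client_ip_naive, trusted))
    print("hardened resolver blocks rotating client:", simulate_rotating_header(resolve_client_ip, trusted))
```

The same logic explains why the misconfiguration matters on the deployment side as well as in code: a trusted-proxy list that includes addresses the proxy does not actually own, or a proxy that passes incoming forwarded headers through instead of overwriting them, puts the throttle key under the client's control again, so the list should name only the proxies in front of the application and the proxy should set the header itself.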

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Nextcloud Enterprise Server: 23.0.0 - 27.1.3

Nextcloud Server: 26.0.0 - 27.1.3

External links

http://github.com/nextcloud/security-advisories/security/advisories/GHSA-5j2p-q736-hw98


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
