CVE-2023-39961 - Vulnerability Details - OpenCVE

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:27.0.0::::-:::
	cpe:2.3:a:nextcloud:nextcloud_server:27.0.0::::enterprise:::

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp
https://github.com/nextcloud/text/pull/4481
https://hackerone.com/reports/1965156

History

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-10T17:18:40.903Z

Updated: 2024-10-10T15:51:18.932Z

Reserved: 2023-08-07T16:27:27.076Z

Link: CVE-2023-39961

Vulnrichment

Updated: 2024-08-02T18:18:10.158Z

NVD

Status : Modified

Published: 2023-08-10T18:15:10.387

Modified: 2024-11-21T08:16:07.573

Link: CVE-2023-39961

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39961", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-07T16:27:27.076Z", "datePublished": "2023-08-10T17:18:40.903Z", "dateUpdated": "2024-10-10T15:51:18.932Z"}, "containers": {"cna": {"title": "Text does not respect \"Allow download\" permissions", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp"}, {"name": "https://github.com/nextcloud/text/pull/4481", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/text/pull/4481"}, {"name": "https://hackerone.com/reports/1965156", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1965156"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 24.0.4, < 24.0.12.5", "status": "affected"}, {"version": ">= 25.0.0, < 25.0.9", "status": "affected"}, {"version": ">= 27.0.0, < 27.0.1", "status": "affected"}, {"version": ">= 26.0.0, < 26.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-10T17:18:40.903Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available."}], "source": {"advisory": "GHSA-qhgm-w4gx-gvgp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.158Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp"}, {"name": "https://github.com/nextcloud/text/pull/4481", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/text/pull/4481"}, {"name": "https://hackerone.com/reports/1965156", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1965156"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T15:51:09.615374Z", "id": "CVE-2023-39961", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T15:51:18.932Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39961", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-07T16:27:27.076Z", "datePublished": "2023-08-10T17:18:40.903Z", "dateUpdated": "2024-10-10T15:51:18.932Z"}, "containers": {"cna": {"title": "Text does not respect \"Allow download\" permissions", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp"}, {"name": "https://github.com/nextcloud/text/pull/4481", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/text/pull/4481"}, {"name": "https://hackerone.com/reports/1965156", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1965156"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 24.0.4, < 24.0.12.5", "status": "affected"}, {"version": ">= 25.0.0, < 25.0.9", "status": "affected"}, {"version": ">= 27.0.0, < 27.0.1", "status": "affected"}, {"version": ">= 26.0.0, < 26.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-10T17:18:40.903Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available."}], "source": {"advisory": "GHSA-qhgm-w4gx-gvgp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.158Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp"}, {"name": "https://github.com/nextcloud/text/pull/4481", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/text/pull/4481"}, {"name": "https://hackerone.com/reports/1965156", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1965156"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39961", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T15:51:09.615374Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T15:51:15.002Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "623D58E0-57A0-42B3-8ED6-DF3B988633AB", "versionEndExcluding": "25.0.9", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D60D3184-C289-49E8-9FBE-EDA8B927131A", "versionEndExcluding": "25.0.9", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "CA187E45-EB4B-468A-9291-FD66B360B2D6", "versionEndExcluding": "26.0.4", "versionStartIncluding": "26.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2D0FA653-A595-4EC8-9F77-0AD1A4699B07", "versionEndExcluding": "26.0.4", "versionStartIncluding": "26.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available."}], "id": "CVE-2023-39961", "lastModified": "2024-11-21T08:16:07.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-10T18:15:10.387", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nextcloud/text/pull/4481"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1965156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/nextcloud/text/pull/4481"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1965156"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}]}