Home > Vulnerability Database > CVE-2023-25821

Mend.io Vulnerability Database

CVE-2023-25821

Date: February 24, 2023

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.

Language: PHP

Severity Score

5.7

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25821

Url: https://hackerone.com/reports/1724016

Url: https://github.com/nextcloud/server/pull/34502

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5qgw-4j94

Url: https://www.mend.io/vulnerability-database/CVE-2023-25821

Severity Score

5.7

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25821

Date: February 24, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?