Home > Vulnerability Database > CVE-2023-30539

Mend.io Vulnerability Database

CVE-2023-30539

Good to know:

Date: April 17, 2023

Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1. Users unable to upgrade should disable all workflow related apps. Users are advised to upgrade.

Language: PHP

Severity Score

8.8

Related Resources (6)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3m2f-v8x7-9w99

Url: https://hackerone.com/reports/1895976

Url: https://github.com/nextcloud/files_automatedtagging/pull/705

Url: https://github.com/nextcloud/server/pull/37252

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30539

Url: https://www.mend.io/vulnerability-database/CVE-2023-30539

Severity Score

8.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version files_automatedtagging - v1.11.1,v1.12.1,v1.13.1,v1.14.2,v1.15.3,v1.16.1, server - v24.0.11,v25.0.5

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30539

Good to know:

Date: April 17, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?