Home > Vulnerability Database > CVE-2023-48303

Mend.io Vulnerability Database

CVE-2023-48303

Date: November 21, 2023

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available.

Language: PHP

Severity Score

2.4

Related Resources (5)

Url: https://github.com/nextcloud/server/pull/39895

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48303

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2448-44rp-c7hh

Url: https://hackerone.com/reports/2107934

Url: https://www.mend.io/vulnerability-database/CVE-2023-48303

Severity Score

2.4

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	2.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48303

Date: November 21, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?