CVE-2023-25159

Severity: 5.3 MEDIUM
EPSS: 0.2% (top 57.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 13

Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark sho

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 0.8 | Impact: 1.4

Affected Packages (3 packages)

NVD | nextcloud/nextcloud_server | 24.0.4 | 24.0.8 | +2
NVD | nextcloud/richdocuments | 6.0.0 | 6.3.1 | +1
CVEListV5 | nextcloud/security-advisories | 4 versions | +3

Vulnerability Details

CVEList
Nextcloud Server previews are accessible without a watermark (2023-02-13)
CVE-2023-25159 (MEDIUM CVSS 5.3) | Nextcloud Server is the file server | cvebase.io