CVE-2023-25162Server-Side Request Forgery in Security-advisories

CWE-918Server-Side Request Forgery2 documents2 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 57.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Server
Timeline
PublishedFeb 13

Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enter

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server24.0.024.0.8+1
CVEListV5nextcloud/security-advisories< 23.0.12+1

🔴Vulnerability Details

1
CVEList
Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs2023-02-13
CVE-2023-25162 — Server-Side Request Forgery | cvebase