CVE-2023-35171

CWE-601 — Open Redirect2 documents2 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 37.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Nextcloud Server Nextcloud Security-advisories

Timeline

PublishedJun 23

Description

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server26.0.0 — 26.0.2

▶CVEListV5nextcloud/security-advisories>= 26.0.0, < 26.0.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Nextcloud Server vulnerable to open redirect on "Unsupported browser" warning↗2023-06-23

▶