CVE-2023-39962

CWE-284Improper Access Control2 documents2 sources
Severity
7.7HIGH
EPSS
0.2%
top 52.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Nextcloud ServerNextcloud Security-advisories
Timeline
PublishedAug 10

Description

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

NVDnextcloud/nextcloud_server19.0.019.0.13.10+8
CVEListV5nextcloud/security-advisories9 versions+8

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Users can delete external storage mount points2023-08-10
CVE-2023-39962 (HIGH CVSS 7.7) | Nextcloud Server provides data stor | cvebase.io