CVE-2023-49792

CWE-307 | 2 documents | 2 sources
Severity
9.8 CRITICAL
EPSS
0.4%
top 38.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 22

Description

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4, as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4, when a (reverse) proxy is configured as a trusted proxy, the server could be tricked into reading a wrong remote address for an attacker, allowing them to execute more authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and N

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD | nextcloud/nextcloud_server | 23.0.0 | 23.0.12.13 | +4
CVEListV5 | nextcloud/security-advisories | 5 versions | +4

Patches

🔴Vulnerability Details

1
CVEList
Bruteforce protection can be bypassed with misconfigured proxy | 2023-12-22