CVE Vulnerability

CVE-2023-25150

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.

5.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj Vendor Advisory
https://hackerone.com/reports/1788222 Permissions Required Third Party Advisory
https://github.com/nextcloud/richdocuments/pull/2669 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*
Information

Published : 2023-02-08 08:15

Updated : 2023-02-16 10:20

NVD link : CVE-2023-25150

Mitre link : CVE-2023-25150

Products Affected
No products.
CWE
CWE-732