CVE-2023-48303

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available.

Published: Nov 21, 2023
Updated: Dec 1, 2023
CVE: CVE-2023-48303
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud_server	26.0.0	26.0.6
nextcloud / nextcloud_server	25.0.0	25.0.11
nextcloud / nextcloud_server	27.0.0	27.1.0

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2448-44rp-c7hh
https://github.com/nextcloud/server/pull/39895
https://hackerone.com/reports/2107934

Vulnerability Database

289,599

CVE-2023-48303