Vulnerabilities > CVE-2023-39961 - Unspecified vulnerability in Nextcloud Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.
Vulnerable Configurations
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qhgm-w4gx-gvgp
- https://github.com/nextcloud/text/pull/4481
- https://github.com/nextcloud/text/pull/4481
- https://hackerone.com/reports/1965156
- https://hackerone.com/reports/1965156