NextcloudGHSA-CH7F-PX7M-HG25Ability to control the filename when uploading a logo or favicon as admin in the theming settings
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
53.8%
Description
Impact
An admin was able to upload files with a provided file name into the appdata directory. Since admins of Nextcloud have remote code execution by default, there is no increased risk.
Patches
It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4
It is recommended that the Nextcloud Enterprise Server is upgraded to 23.0.14 or 24.0.10 or 25.0.4
Workarounds
- No workaround available
References
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at support.nextcloud.com
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
53.8%