Nextcloud: GHSA-H353-VVWV-J2R4
Jun 22, 2023 - 6:15 a.m.

Open redirect on "Unsupported browser" warning

2023-06-22 06:15:38
Source: github.com
Tags: open redirect, nextcloud server, security advisory, hackerone, pullrequest, support ticket

CVSS3: 6.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 43.2%

Description

Impact

An attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s site.

Patches

  • It is recommended that the Nextcloud Server is upgraded to 26.0.2
  • It is recommended that the Nextcloud Enterprise Server is upgraded to 26.0.2

Workarounds

  • No workaround available

References

For more information

If you have any questions or comments about this advisory:
