CVE-2023-48303
low-risk
Published 2023-11-21
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available.
Do I need to act?
-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.4/10
Low
NETWORK
/ LOW complexity
Affected Products (2)
Affected Vendors
References (6)
Issue Tracking
https://github.com/nextcloud/server/pull/39895
Permissions Required
https://hackerone.com/reports/2107934
Issue Tracking
https://github.com/nextcloud/server/pull/39895
Permissions Required
https://hackerone.com/reports/2107934
21
/ 100
low-risk
Severity
13/34 · Low
Exploitability
1/34 · Minimal
Exposure
7/34 · Low