CVE-2023-48301
CVSS V2 None
CVSS V3 None
Description
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.
Overview
- CVE ID
- CVE-2023-48301
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-21T21:26:21.288Z
- Last Modified Date
- 2023-11-21T21:26:21.288Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wgpw-qqq2-gwv6 | x_refsource_CONFIRM |
https://github.com/nextcloud/circles/pull/1415 | x_refsource_MISC |
https://hackerone.com/reports/2210038 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-48301 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48301 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-24 23:31:31 | Added to TrackCVE |