Nextcloud Server 25.0.13

CPE Details

Nextcloud Server 25.0.13
nextcloud
nextcloud_server
25.0.13
2023-11-29
13h07 +00:00
2023-11-29
13h07 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:nextcloud:nextcloud_server:25.0.13:*:*:*:-:*:*:*

Informations

Vendor

nextcloud

Product

nextcloud_server

Version

25.0.13

Software Edition

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-22403 2024-01-18 20h03 +00:00 Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability.
3.7
Bas
CVE-2023-48301 2023-11-21 21h26 +00:00 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.
5.4
Moyen