Home > Vulnerability Database > CVE-2023-25150

Mend.io Vulnerability Database

CVE-2023-25150

Good to know:

Date: February 8, 2023

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.

Language: PHP

Severity Score

5.8

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj

Url: https://hackerone.com/reports/1788222

Url: https://github.com/nextcloud/richdocuments/pull/2669

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25150

Url: https://www.mend.io/vulnerability-database/CVE-2023-25150

Severity Score

5.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version v3.8.7,v4.2.9,v5.0.10,v6.3.2,v7.0.2

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25150

Good to know:

Date: February 8, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?