Home > Vulnerability Database > CVE-2023-45151

Mend.io Vulnerability Database

CVE-2023-45151

Good to know:

Date: October 16, 2023

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

6.5

Related Resources (5)

Url: https://github.com/nextcloud/server/pull/38398

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9

Url: https://hackerone.com/reports/1994324

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45151

Url: https://www.mend.io/vulnerability-database/CVE-2023-45151

Severity Score

6.5

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

Top Fix

Upgrade Version

Upgrade to version v25.0.8,v26.0.3,v27.0.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45151

Good to know:

Date: October 16, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?