CVE-2023-25817

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25817

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25817.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-25817

Aliases

GHSA-8v5c-f752-fgpv

Published

2023-03-27T20:04:15Z

Modified

2025-10-16T09:35:34.813695Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Delete permissions are not saved when creating public share in Nextcloud server

Details

Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

5f37aacb3194d51503aaa3529ae8f676b32a25d7

Fixed

b4899ddee19c94db5d65c1f813fad51541ae1347

Affected versions

v24.*

v24.0.0

v24.0.1

v24.0.1rc1

v24.0.2

v24.0.2rc1

v24.0.3

v24.0.3rc1

v24.0.3rc2

v24.0.4

v24.0.4rc1

v24.0.5

v24.0.5rc1

v24.0.6

v24.0.6rc1

v24.0.7

v24.0.7rc1

v24.0.8

v24.0.8rc1

v24.0.8rc2

v24.0.9rc1

v24.0.9rc2