CVE-2023-35171

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35171

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35171.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-35171

Aliases

GHSA-h353-vvwv-j2r4

Published

2023-06-23T20:44:34Z

Modified

2025-10-16T09:56:48.288158Z

Severity

4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator

Summary

Nextcloud Server vulnerable to open redirect on "Unsupported browser" warning

Details

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

62cfd3b4c9ff4d8cdbbe6dcc8b63a1085bb94e3d

Fixed

053cefa373ab62edce8bb69fcfc0d6a5ee6fc3f9

Affected versions

v26.*

v26.0.0

v26.0.1

v26.0.1rc1

v26.0.2rc1