CVE-2023-39958

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39958
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39958.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-39958
Related
  • GHSA-vv27-g2hq-v48h
Published
2023-08-10T18:15:09Z
Modified
2025-01-08T09:44:02.060795Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v25.*

v25.0.0
v25.0.1
v25.0.1rc1
v25.0.2
v25.0.2rc1
v25.0.2rc2
v25.0.2rc3
v25.0.3
v25.0.3rc1
v25.0.3rc2
v25.0.4
v25.0.4rc1
v25.0.5
v25.0.5rc1
v25.0.6
v25.0.6rc1
v25.0.7
v25.0.7rc1
v25.0.8
v25.0.8rc1
v25.0.8rc2
v25.0.9rc1
v25.0.9rc2