CVE-2023-39961

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39961
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39961.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-39961
Related
  • GHSA-qhgm-w4gx-gvgp
Published
2023-08-10T18:15:10Z
Modified
2025-01-08T09:44:44.028305Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v25.*

v25.0.0
v25.0.1
v25.0.1rc1
v25.0.2
v25.0.2rc1
v25.0.2rc2
v25.0.2rc3
v25.0.3
v25.0.3rc1
v25.0.3rc2
v25.0.4
v25.0.4rc1
v25.0.5
v25.0.5rc1
v25.0.6
v25.0.6rc1
v25.0.7
v25.0.7rc1
v25.0.8
v25.0.8rc1
v25.0.8rc2
v25.0.9rc1
v25.0.9rc2