CVE-2023-49792

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49792
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49792.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-49792
Related
  • GHSA-5j2p-q736-hw98
Published
2023-12-22T17:15:08Z
Modified
2025-01-08T09:53:44.748821Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v26.*

v26.0.0
v26.0.1
v26.0.1rc1
v26.0.2
v26.0.2rc1
v26.0.3
v26.0.3rc1
v26.0.3rc2
v26.0.4
v26.0.4rc1
v26.0.4rc2
v26.0.5
v26.0.5rc1
v26.0.6
v26.0.6rc1
v26.0.7
v26.0.8
v26.0.8rc1
v26.0.8rc2
v26.0.9rc1