admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-399xx/CVE-2023-39958.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

187 lines
6.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-39958",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-10T18:15:09.600",
"lastModified": "2024-11-21T08:16:07.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "22.0.0",
"versionEndExcluding": "22.2.10.14",
"matchCriteriaId": "916FDFBE-023F-4EC1-947B-8B2F2A0E5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.9",
"matchCriteriaId": "881A0D0D-1888-43D8-A22C-FD38D28EB601"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.5",
"matchCriteriaId": "B2AF81DA-6377-4051-AF70-141FC50E049F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.9",
"matchCriteriaId": "623D58E0-57A0-42B3-8ED6-DF3B988633AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.9",
"matchCriteriaId": "D60D3184-C289-49E8-9FBE-EDA8B927131A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.4",
"matchCriteriaId": "CA187E45-EB4B-468A-9291-FD66B360B2D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.4",
"matchCriteriaId": "2D0FA653-A595-4EC8-9F77-0AD1A4699B07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vv27-g2hq-v48h",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/38773",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/1258448",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vv27-g2hq-v48h",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/38773",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/1258448",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink