CVE-2023-39962
CVSS 3.1 Score 7.7 of 10 (high)
Details
Summary
CVE-2023-39962 is a vulnerability affecting Nextcloud Server, which provides data storage for the open-source cloud platform Nextcloud. The issue is present in versions 19.0.0 through 27.0.1 of Nextcloud Server and in certain editions of Nextcloud Enterprise Server. A malicious user can exploit it to delete any personal or global external storage, which makes that storage inaccessible for all users. Patched versions of Nextcloud Server (25.0.9, 26.0.4, and 27.0.1) and Nextcloud Enterprise Server (19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1) address this vulnerability. As a temporary workaround, users can disable the files_external app, which makes the external storage inaccessible but preserves its configuration until a patched version can be deployed.
Affected Products
- Nextcloud Server
Affected Vendors
- Nextcloud GmbH