CVE-2023-39963
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-39963 is a vulnerability affecting the Nextcloud Server, which provides data storage for the open-source cloud platform Nextcloud. In versions 20.0.0 through 27.0.1, a missing password confirmation feature allowed unauthorized access. After successfully stealing a user session, an attacker could create app passwords for the victim, potentially gaining unrestricted access to their account. Versions 25.0.9, 26.0.4, and 27.0.1 of Nextcloud Server, as well as certain versions of Nextcloud Enterprise Server, have been patched to address this issue. No known workarounds are currently available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Nextcloud Server
Affected Vendors
- Nextcloud GmbH