CVE-2023-48239
CVSS 3.1 Score 8.5 of 10 (high)
Details
Summary
CVE-2023-48239 is a vulnerability that affects Nextcloud Server, an open-source cloud platform. Versions 25.0.0 to 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server, as well as versions 20.0.0 to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0., and 27..1..3 of Nextcloud Enterprise Server are vulnerable to this issue where a malicious user can update personal or global external storage, rendering them inaccessible for everyone else as well. The potential danger posed by this vulnerability is that it can lead to unauthorized access and disruption of data storage in the affected Nextcloud instances. To remediate the vulnerability, users are advised to upgrade their Nextcloud Server to version 25..13.,26..8., or 27..1..3., or their Nextcloud Enterprise Server to version 20..14..16.,21..9..13.,22..2..10..15.,23...12...12.,24...12...8.,25...13.,26...8., or 27...1...3. As a temporary workaround until the patched version is deployed, users can disable the "app files_external," but this would also make the external storage inaccessible while retaining configurations. Note: The provided information does not mention any potential danger in terms of specific attacks or impacts on organizations using Nextcloud Server or Nextcloud Enterprise Server with this vulnerability
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions