CVSS 3.1 Score 8.5 of 10 (high)


Published Nov 21, 2023
Updated: Nov 29, 2023
CWE ID 284


CVE-2023-48239 is a vulnerability that affects Nextcloud Server, an open-source cloud platform. Versions 25.0.0 to 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server, as well as versions 20.0.0 to,,,,, 25.0.13, 26.0., and 27..1..3 of Nextcloud Enterprise Server are vulnerable to this issue where a malicious user can update personal or global external storage, rendering them inaccessible for everyone else as well. The potential danger posed by this vulnerability is that it can lead to unauthorized access and disruption of data storage in the affected Nextcloud instances. To remediate the vulnerability, users are advised to upgrade their Nextcloud Server to version 25..13.,26..8., or 27..1..3., or their Nextcloud Enterprise Server to version 20..14..16.,21..9..13.,22..2..10..15.,23...12...12.,24...12...8.,25...13.,26...8., or 27...1...3. As a temporary workaround until the patched version is deployed, users can disable the "app files_external," but this would also make the external storage inaccessible while retaining configurations.

Note: The provided information does not mention any potential danger in terms of specific attacks or impacts on organizations using Nextcloud Server or Nextcloud Enterprise Server with this vulnerability

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-48239 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options