CVE-2023-48301

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 21, 2023
Updated: Nov 30, 2023
CWE ID 79

Summary

CVE-2023-48301 is a vulnerability affecting Nextcloud Server, an open-source cloud platform used for data storage. Versions 25.0.0 and prior to 25.0.13, 26.0.8, and 27.1.3 are impacted. Maliciously crafted circle names could be inserted, causing those names to open when clicked in a search filter. This issue has been addressed in versions 25.0.13, 26.0.8, and 27.1.3. A workaround is to disable app circles until updates are applied.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Nextcloud Server

Affected Vendors

  • Nextcloud GmbH