Executive Summary

Informations
Name CVE-2023-25159 First vendor Publication 2023-02-13
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Overall CVSS Score 5.3
Base Score 5.3 Environmental Score 5.3
impact SubScore 1.4 Temporal Score 5.3
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact Low
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25159

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 29
Application 3

Sources (Detail)

Source Url
MISC https://github.com/nextcloud/richdocuments/pull/2579
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92g...
https://github.com/nextcloud/server/pull/34799
https://hackerone.com/reports/1745755

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Date Informations
2024-08-02 13:46:16
  • Multiple Updates
2024-08-02 01:32:24
  • Multiple Updates
2024-02-02 02:43:34
  • Multiple Updates
2024-02-01 12:29:30
  • Multiple Updates
2023-11-07 21:30:12
  • Multiple Updates
2023-09-05 13:39:09
  • Multiple Updates
2023-09-05 01:28:45
  • Multiple Updates
2023-09-02 13:37:24
  • Multiple Updates
2023-09-02 01:29:14
  • Multiple Updates
2023-08-12 13:42:52
  • Multiple Updates
2023-08-12 01:28:28
  • Multiple Updates
2023-08-11 13:34:03
  • Multiple Updates
2023-08-11 01:29:20
  • Multiple Updates
2023-08-06 13:31:24
  • Multiple Updates
2023-08-06 01:28:06
  • Multiple Updates
2023-08-04 13:31:52
  • Multiple Updates
2023-08-04 01:28:29
  • Multiple Updates
2023-07-14 13:31:40
  • Multiple Updates
2023-07-14 01:28:07
  • Multiple Updates
2023-05-12 02:18:51
  • Multiple Updates
2023-04-04 02:17:43
  • Multiple Updates
2023-03-29 02:30:11
  • Multiple Updates
2023-03-28 12:27:51
  • Multiple Updates
2023-02-24 21:27:21
  • Multiple Updates
2023-02-14 00:27:17
  • Multiple Updates
2023-02-13 21:27:14
  • First insertion