CVE-2023-30539
Published: Apr 17, 2023
Modified: Feb 5, 2025
CVSS v3.1
6.5
Description
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1. Users unable to upgrade should disable all workflow related apps. Users are advised to upgrade.
| Vendor | Product | Versions |
|---|---|---|
nextcloud | security-advisories | affected Nextcloud Server: < 24.0.11affected Nextcloud Server: >= 25.0.0, < 25.0.5affected Nextcloud Files automated tagging: >= 1.11.0, < 1.11.1affected Nextcloud Files automated tagging: >= 1.12.0, < 1.12.1affected Nextcloud Files automated tagging: >= 1.13.0, < 1.13.1+3 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now