CVE-2023-25150
Document content of files can be obtained through Collabora for files of other users
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.8 · EPSS 0.7% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
08 Feb 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked into providing access to any file without proper permission validation. As a result, any user with access to Collabora can obtain the content of other users' files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Affected products
nextcloud · security-advisories