CVE-2023-39952

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
nextcloudnextcloud_server
22.0.0 ≤
𝑥
< 22.2.10.13
nextcloudnextcloud_server
23.0.0 ≤
𝑥
< 23.0.12.8
nextcloudnextcloud_server
24.0.0 ≤
𝑥
< 24.0.12.4
nextcloudnextcloud_server
25.0.0 ≤
𝑥
< 25.0.8
nextcloudnextcloud_server
25.0.0 ≤
𝑥
< 25.0.8
nextcloudnextcloud_server
26.0.0 ≤
𝑥
< 26.0.3
nextcloudnextcloud_server
26.0.0 ≤
𝑥
< 26.0.3
nextcloudnextcloud_server
27.0.0
nextcloudnextcloud_server
27.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/groupfolders/issues/1906
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-cq8w-v4fh-4rjq
https://github.com/nextcloud/server/pull/38890
https://hackerone.com/reports/1808079
https://github.com/nextcloud/groupfolders/issues/1906
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-cq8w-v4fh-4rjq
https://github.com/nextcloud/server/pull/38890
https://hackerone.com/reports/1808079