CVE-2023-48306

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
GitHub_MCNA
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
nextcloudnextcloud_server
22.0.0 ≤
𝑥
< 22.2.10.16
nextcloudnextcloud_server
23.0.0 ≤
𝑥
< 23.0.12.11
nextcloudnextcloud_server
24.0.0 ≤
𝑥
< 24.0.12.7
nextcloudnextcloud_server
25.0.0 ≤
𝑥
< 25.0.11
nextcloudnextcloud_server
25.0.0 ≤
𝑥
< 25.0.11
nextcloudnextcloud_server
26.0.0 ≤
𝑥
< 26.0.6
nextcloudnextcloud_server
26.0.0 ≤
𝑥
< 26.0.6
nextcloudnextcloud_server
27.0.0 ≤
𝑥
< 27.1.0
nextcloudnextcloud_server
27.0.0 ≤
𝑥
< 27.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v
https://github.com/nextcloud/server/pull/40234
https://hackerone.com/reports/2115212
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v
https://github.com/nextcloud/server/pull/40234
https://hackerone.com/reports/2115212