CVE-2023-32318 - OpenCVE

Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:26.0.0::::-:::
	cpe:2.3:a:nextcloud:nextcloud_server:26.0.0::::enterprise:::

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38
https://github.com/nextcloud/text/pull/3946

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-05-26T17:21:17.942Z

Updated: 2024-08-02T15:10:24.851Z

Reserved: 2023-05-08T13:26:03.879Z

Link: CVE-2023-32318

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-26T18:15:13.930

Modified: 2023-06-02T12:57:32.097

Link: CVE-2023-32318

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32318", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-05-08T13:26:03.879Z", "datePublished": "2023-05-26T17:21:17.942Z", "dateUpdated": "2024-08-02T15:10:24.851Z"}, "containers": {"cna": {"title": "User session not correctly destroyed on logout", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "lang": "en", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38"}, {"name": "https://github.com/nextcloud/text/pull/3946", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/text/pull/3946"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 25.0.2, < 25.0.6", "status": "affected"}, {"version": ">= 26.0.0, < 26.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-26T17:21:17.942Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1."}], "source": {"advisory": "GHSA-q8c4-chpj-6v38", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.851Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38"}, {"name": "https://github.com/nextcloud/text/pull/3946", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/text/pull/3946"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "4E6348D5-CDF1-4E33-8C69-BFF5486AB407", "versionEndExcluding": "25.0.6", "versionStartIncluding": "25.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6EE9AA47-F205-45DE-A32E-07494C6204FC", "versionEndExcluding": "25.0.6", "versionStartIncluding": "25.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:26.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "78908077-798E-458C-8D8D-B46310565B57", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:26.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F3EA1593-5F17-4548-894E-0B525FCC0D6A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1."}], "id": "CVE-2023-32318", "lastModified": "2023-06-02T12:57:32.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-05-26T18:15:13.930", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nextcloud/text/pull/3946"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "security-advisories@github.com", "type": "Secondary"}]}