CVE-2023-35172 - OpenCVE

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6
https://github.com/nextcloud/server/pull/38267
https://hackerone.com/reports/1987062

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-23T20:49:56.795Z

Updated: 2024-08-02T16:23:59.430Z

Reserved: 2023-06-14T14:17:52.180Z

Link: CVE-2023-35172

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-23T21:15:09.777

Modified: 2023-07-05T13:34:36.727

Link: CVE-2023-35172

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35172", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-14T14:17:52.180Z", "datePublished": "2023-06-23T20:49:56.795Z", "dateUpdated": "2024-08-02T16:23:59.430Z"}, "containers": {"cna": {"title": "Nextcloud Server password reset endpoint is not brute force protected", "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "lang": "en", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6"}, {"name": "https://github.com/nextcloud/server/pull/38267", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/pull/38267"}, {"name": "https://hackerone.com/reports/1987062", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1987062"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "Nextcloud Server >= 25.0.0, < 25.0.7", "status": "affected"}, {"version": "Nextcloud Server >= 26.0.0, < 26.0.2", "status": "affected"}, {"version": "Nextcloud Enterprise Server >= 25.0.0, < 25.0.7", "status": "affected"}, {"version": "Nextcloud Enterprise Server >= 26.0.0, < 26.0.2", "status": "affected"}, {"version": "Nextcloud Enterprise Server >= 21.0.0, < 21.0.9.12", "status": "affected"}, {"version": "Nextcloud Enterprise Server >= 22.0.0, < 22.2.10.12", "status": "affected"}, {"version": "Nextcloud Enterprise Server >= 23.0.0, < 23.0.12.7", "status": "affected"}, {"version": "Nextcloud Enterprise Server >= 24.0.0, < 24.0.12.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-23T20:49:56.795Z"}, "descriptions": [{"lang": "en", "value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available."}], "source": {"advisory": "GHSA-mjf5-p765-qmr6", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:23:59.430Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6"}, {"name": "https://github.com/nextcloud/server/pull/38267", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/server/pull/38267"}, {"name": "https://hackerone.com/reports/1987062", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1987062"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C3851B67-74A7-4D1D-8B7C-F5A0075B2700", "versionEndExcluding": "21.0.9.12", "versionStartIncluding": "21.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C5FA775A-1796-4C82-B943-CEC91FDA6A00", "versionEndExcluding": "22.2.10.12", "versionStartIncluding": "22.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "57E82EBA-930D-4B32-B2B5-3B7119C2EF8F", "versionEndExcluding": "23.0.12.7", "versionStartIncluding": "23.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9603AC3F-5104-4C18-BF51-25B52BC7E146", "versionEndExcluding": "24.0.12.2", "versionStartIncluding": "24.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "DD58A3B6-945E-4AFC-AE5C-A374C884167B", "versionEndExcluding": "25.0.7", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7AC695D0-BD79-42B5-BA1D-3356791E4DEC", "versionEndExcluding": "25.0.7", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "CB3473C7-E5B9-44B1-AC74-F7224D9AB78B", "versionEndExcluding": "26.0.2", "versionStartIncluding": "26.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE95CF9F-D964-4857-8805-2CE4CF2F6328", "versionEndExcluding": "26.0.2", "versionStartIncluding": "26.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available."}], "id": "CVE-2023-35172", "lastModified": "2023-07-05T13:34:36.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-06-23T21:15:09.777", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/nextcloud/server/pull/38267"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1987062"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "security-advisories@github.com", "type": "Primary"}]}