CVE-2023-45151 - OpenCVE

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:27.0.0::::-:::
	cpe:2.3:a:nextcloud:nextcloud_server:27.0.0::::enterprise:::

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9
https://github.com/nextcloud/server/pull/38398
https://hackerone.com/reports/1994324

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-16T18:41:28.713Z

Updated: 2024-09-16T14:57:44.642Z

Reserved: 2023-10-04T16:02:46.331Z

Link: CVE-2023-45151

Vulnrichment

Updated: 2024-08-02T20:14:19.395Z

NVD

Status : Analyzed

Published: 2023-10-16T19:15:10.957

Modified: 2023-10-20T12:18:25.917

Link: CVE-2023-45151

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45151", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-04T16:02:46.331Z", "datePublished": "2023-10-16T18:41:28.713Z", "dateUpdated": "2024-09-16T14:57:44.642Z"}, "containers": {"cna": {"title": "OAuth2 client_secret stored in plain text in the Nextcloud database", "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "lang": "en", "description": "CWE-312: Cleartext Storage of Sensitive Information", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9"}, {"name": "https://github.com/nextcloud/server/pull/38398", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/pull/38398"}, {"name": "https://hackerone.com/reports/1994324", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1994324"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 25.0.0, < 25.0.8", "status": "affected"}, {"version": ">= 26.0.0, < 26.0.3", "status": "affected"}, {"version": ">= 27.0.0, < 27.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T18:41:28.713Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-hhgv-jcg9-p4m9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.395Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9"}, {"name": "https://github.com/nextcloud/server/pull/38398", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/server/pull/38398"}, {"name": "https://hackerone.com/reports/1994324", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1994324"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T14:57:28.810714Z", "id": "CVE-2023-45151", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T14:57:44.642Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/nextcloud/server/pull/38398", "name": "https://github.com/nextcloud/server/pull/38398", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://hackerone.com/reports/1994324", "name": "https://hackerone.com/reports/1994324", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.395Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45151", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-16T14:57:28.810714Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T14:57:40.484Z"}}], "cna": {"title": "OAuth2 client_secret stored in plain text in the Nextcloud database", "source": {"advisory": "GHSA-hhgv-jcg9-p4m9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"status": "affected", "version": ">= 25.0.0, < 25.0.8"}, {"status": "affected", "version": ">= 26.0.0, < 26.0.3"}, {"status": "affected", "version": ">= 27.0.0, < 27.0.1"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nextcloud/server/pull/38398", "name": "https://github.com/nextcloud/server/pull/38398", "tags": ["x_refsource_MISC"]}, {"url": "https://hackerone.com/reports/1994324", "name": "https://hackerone.com/reports/1994324", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T18:41:28.713Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45151", "state": "PUBLISHED", "dateUpdated": "2024-09-16T14:57:44.642Z", "dateReserved": "2023-10-04T16:02:46.331Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-16T18:41:28.713Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "A2EE7242-A7BB-4FE3-8617-9C355C68EB2A", "versionEndExcluding": "25.0.8", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "05C7C20F-A320-425C-BECF-E895E5ACF1CF", "versionEndExcluding": "25.0.8", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "636E2B84-2F89-4F35-9ADF-BCB1761B2E2D", "versionEndExcluding": "26.0.3", "versionStartIncluding": "26.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "54FD90F4-2243-4A99-954B-FCC44EE180AB", "versionEndExcluding": "26.0.3", "versionStartIncluding": "26.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "El servidor Nextcloud es una plataforma de nube dom\u00e9stica de c\u00f3digo abierto. Las versiones afectadas de Nextcloud almacenaron tokens OAuth2 en texto plano, lo que permite a un atacante que haya obtenido acceso al servidor elevar potencialmente sus privilegios. Este problema se solucion\u00f3 y se recomienda a los usuarios actualizar su servidor Nextcloud a la versi\u00f3n 25.0.8, 26.0.3 o 27.0.1. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2023-45151", "lastModified": "2023-10-20T12:18:25.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-16T19:15:10.957", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/nextcloud/server/pull/38398"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1994324"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "security-advisories@github.com", "type": "Secondary"}]}