CVE-2023-25150 - OpenCVE

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nextcloud	Richdocuments

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:richdocuments::::::::
	cpe:2.3:a:nextcloud:richdocuments::::::::
	cpe:2.3:a:nextcloud:richdocuments::::::::
	cpe:2.3:a:nextcloud:richdocuments::::::::
	cpe:2.3:a:nextcloud:richdocuments::::::::

References

Link	Resource
https://github.com/nextcloud/richdocuments/pull/2669	Patch Vendor Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj	Vendor Advisory
https://hackerone.com/reports/1788222	Permissions Required Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-08T19:15:47.344Z

Updated:

Reserved: 2023-02-03T16:59:18.242Z

Link: CVE-2023-25150

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-02-08T20:15:24.447

Modified: 2023-02-16T22:20:13.407

Link: CVE-2023-25150

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25150", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-03T16:59:18.242Z", "datePublished": "2023-02-08T19:15:47.344Z"}, "containers": {"cna": {"title": "Document content of files can be obtained through Collabora for files of other users", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj"}, {"name": "https://github.com/nextcloud/richdocuments/pull/2669", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/richdocuments/pull/2669"}, {"name": "https://hackerone.com/reports/1788222", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1788222"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "< 3.8.7", "status": "affected"}, {"version": ">= 4.0.0, < 4.2.9", "status": "affected"}, {"version": ">= 5.0.0, < 5.0.10", "status": "affected"}, {"version": ">= 6.0.0, < 6.3.2", "status": "affected"}, {"version": ">= 7.0.0, < 7.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-08T19:15:47.344Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-64xc-r58v-53gj", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*", "matchCriteriaId": "2475BAE2-CD26-4885-8F5D-E90A2B4230FF", "versionEndExcluding": "3.8.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CB7B5-A751-4D7B-B585-3EF25B301724", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*", "matchCriteriaId": "6098B7F8-2EC6-4D62-9CD7-96BD1237B197", "versionEndExcluding": "5.0.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA0BC53B-B9D9-467A-A58D-D2B41CEF0327", "versionEndExcluding": "6.3.2", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B7DAD1E-149D-4664-8B3A-492DA170CB69", "versionEndExcluding": "7.0.2", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue."}], "id": "CVE-2023-25150", "lastModified": "2023-02-16T22:20:13.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-02-08T20:15:24.447", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/nextcloud/richdocuments/pull/2669"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1788222"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}]}