CVE-2023-45151 - OpenCVE

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:27.0.0::::-:::
	cpe:2.3:a:nextcloud:nextcloud_server:27.0.0::::enterprise:::

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9	Vendor Advisory
https://github.com/nextcloud/server/pull/38398	Issue Tracking Patch
https://hackerone.com/reports/1994324	Permissions Required

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-16T18:41:28.713Z

Updated: 2023-10-16T18:41:28.713Z

Reserved: 2023-10-04T16:02:46.331Z

Link: CVE-2023-45151

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-16T19:15:10.957

Modified: 2023-10-20T12:18:25.917

Link: CVE-2023-45151

JSON object: View

Redhat Information

No data.

CWE

CWE-312

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-45151", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-04T16:02:46.331Z", "datePublished": "2023-10-16T18:41:28.713Z", "dateUpdated": "2023-10-16T18:41:28.713Z"}, "containers": {"cna": {"title": "OAuth2 client_secret stored in plain text in the Nextcloud database", "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "lang": "en", "description": "CWE-312: Cleartext Storage of Sensitive Information", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9"}, {"name": "https://github.com/nextcloud/server/pull/38398", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/pull/38398"}, {"name": "https://hackerone.com/reports/1994324", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1994324"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 25.0.0, < 25.0.8", "status": "affected"}, {"version": ">= 26.0.0, < 26.0.3", "status": "affected"}, {"version": ">= 27.0.0, < 27.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T18:41:28.713Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-hhgv-jcg9-p4m9", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "A2EE7242-A7BB-4FE3-8617-9C355C68EB2A", "versionEndExcluding": "25.0.8", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "05C7C20F-A320-425C-BECF-E895E5ACF1CF", "versionEndExcluding": "25.0.8", "versionStartIncluding": "25.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "636E2B84-2F89-4F35-9ADF-BCB1761B2E2D", "versionEndExcluding": "26.0.3", "versionStartIncluding": "26.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "54FD90F4-2243-4A99-954B-FCC44EE180AB", "versionEndExcluding": "26.0.3", "versionStartIncluding": "26.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "El servidor Nextcloud es una plataforma de nube dom\u00e9stica de c\u00f3digo abierto. Las versiones afectadas de Nextcloud almacenaron tokens OAuth2 en texto plano, lo que permite a un atacante que haya obtenido acceso al servidor elevar potencialmente sus privilegios. Este problema se solucion\u00f3 y se recomienda a los usuarios actualizar su servidor Nextcloud a la versi\u00f3n 25.0.8, 26.0.3 o 27.0.1. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2023-45151", "lastModified": "2023-10-20T12:18:25.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-16T19:15:10.957", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/nextcloud/server/pull/38398"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1994324"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "security-advisories@github.com", "type": "Secondary"}]}