Описание
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.0.14.4 (исключая)Версия от 21.0.0 (включая) до 21.0.8 (исключая)Версия от 22.0.0 (включая) до 22.2.4 (исключая)Версия от 23.0.0 (включая) до 23.0.1 (исключая)
Одно из
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00169
Низкий
4.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-74
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
debian
около 3 лет назад
Nextcloud Server is the file server software for Nextcloud, a self-hos ...
EPSS
Процентиль: 39%
0.00169
Низкий
4.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-74
NVD-CWE-Other