CVE-2023-25150

MEDIUM Year: 2023
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2016-3060

MEDIUM
CVSS:5.7(Medium)

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote auth...

CWE-2842016

CVE-2019-11894

MEDIUM
CVSS:5.7(Medium)

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order ...

CWE-2842019

CVE-2021-24752

MEDIUM
CVSS:5.7(Medium)

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essent...

CWE-2842021

CVE-2022-3027

MEDIUM
CVSS:5.7(Medium)

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, w...

CWE-2842022

CVE-2024-11358

MEDIUM
CVSS:5.7(Medium)

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.

CWE-2842024