CVE-2023-48303

LOW Year: 2023
CVSS v3 Score
2.7
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available.

Related Vulnerabilities

CVE-2018-20938

LOW
CVSS:2.7(Low)

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).

CWE-2842018

CVE-2021-46270

LOW
CVSS:2.7(Low)

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

CWE-2842021

CVE-2022-38377

LOW
CVSS:2.7(Low)

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0...

CWE-2842022

CVE-2023-28372

LOW
CVSS:2.7(Low)

A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.

CWE-2842023

CVE-2024-2880

LOW
CVSS:2.7(Low)

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `adm...

CWE-2842024

CVE-2024-32969

LOW
CVSS:2.7(Low)

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example,...

CWE-2842024