CVE-2023-39958
CVSS 3.1 Score 5.8 of 10 (medium)
Details
Summary
CVE-2023-39958 is a vulnerability in Nextcloud Server versions prior to 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1. Because protection measures are missing, an attacker can brute force the client secrets of configured OAuth2 clients. Affected products include Nextcloud Server and Nextcloud Enterprise Server in the versions listed above. The issue is rated medium severity with a base score of 5.8, and its impact on data confidentiality is low. To remediate, update Nextcloud Server or Nextcloud Enterprise Server to version 25.0.9, 26.0.4, or 27.0.1, which contain patches for this issue; there are no known workarounds.
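One way to triage an inventory against the fixed releases listed above, as an added example (not code from Nextcloud or from this advisory). The host names and version strings are constructed, and the treatment of branches outside 22 to 27 is an assumption marked in the comments.

```python
# Added example: classify Nextcloud Server version strings against the fixed
# releases this page lists for CVE-2023-39958.

# Fixed release per major branch, taken from the summary above, padded to
# four components so that 22.2.10 compares lower than 22.2.10.13.
FIXED = {
    22: (22, 2, 10, 13),
    23: (23, 0, 12, 8),
    24: (24, 0, 12, 5),
    25: (25, 0, 9, 0),
    26: (26, 0, 4, 0),
    27: (27, 0, 1, 0),
}

def parse_version(text):
    """Turn '25.0.9' or '22.2.10.13' into a 4-tuple of ints."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def triage(text):
    """Return 'vulnerable', 'patched' or 'no-fix-listed' for one version."""
    version = parse_version(text)
    major = version[0]
    if major > max(FIXED):
        # Assumption: branches newer than 27 already carry the fix.
        return "patched"
    fix = FIXED.get(major)
    if fix is None:
        # Assumption: the page names no fixed release for branches below 22,
        # so flag them for manual review instead of guessing.
        return "no-fix-listed"
    return "patched" if version >= fix else "vulnerable"

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"cloud-a": "25.0.8", "cloud-b": "27.0.1",
              "cloud-c": "22.2.10", "cloud-d": "21.0.9"}
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```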