What is CVE-2023-35928?

CVE-2023-35928 is a high-severity vulnerability in Nextcloud Security-advisories, classified under Improper Handling of Insufficient Privileges. CVSS score: 8.5/10. Published 2023-06-23.

How severe is CVE-2023-35928?

High severity. CVSS v3 base score is 8.5 out of 10.

Vulnerability in Nextcloud Security-advisories

CVE-2023-35928

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0…

EPSS: 0.005 (64.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Nextcloud Security-advisories — versions Nextcloud Enterprise Server >= 19.0.0, < 19.0.13.9, Nextcloud Enterprise Server >= 20.0.0.0, < 20.0.14.14, Nextcloud Enterprise Server >= 21.0.0.0, < 21.0.9.12

Weakness classification (CWE)

CWE-274 — Improper Handling of Insufficient Privileges

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-637g-xp2c-qh5h (x_refsource_CONFIRM)
https://github.com/nextcloud/server/pull/38265 (x_refsource_MISC)
https://hackerone.com/reports/1978882 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-35928?: CVE-2023-35928 is a high-severity vulnerability in Nextcloud Security-advisories, classified under Improper Handling of Insufficient Privileges. CVSS score: 8.5/10. Published 2023-06-23.
How severe is CVE-2023-35928?: High severity. CVSS v3 base score is 8.5 out of 10.