CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28844

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.7%

CVSS Severity

CVSS v3 Score 5.7

References

Products affected by CVE-2023-28844

Nextcloud » Nextcloud Server » Version: 24.0.4

cpe:2.3:a:nextcloud:nextcloud_server:24.0.4
Nextcloud » Nextcloud Server » Version: 24.0.5

cpe:2.3:a:nextcloud:nextcloud_server:24.0.5
Nextcloud » Nextcloud Server » Version: 24.0.6

cpe:2.3:a:nextcloud:nextcloud_server:24.0.6
Nextcloud » Nextcloud Server » Version: 24.0.7

cpe:2.3:a:nextcloud:nextcloud_server:24.0.7
Nextcloud » Nextcloud Server » Version: 24.0.8

cpe:2.3:a:nextcloud:nextcloud_server:24.0.8
Nextcloud » Nextcloud Server » Version: 24.0.9

cpe:2.3:a:nextcloud:nextcloud_server:24.0.9
Nextcloud » Nextcloud Server » Version: 25.0.0

cpe:2.3:a:nextcloud:nextcloud_server:25.0.0
Nextcloud » Nextcloud Server » Version: 25.0.2

cpe:2.3:a:nextcloud:nextcloud_server:25.0.2
Nextcloud » Nextcloud Server » Version: 25.0.3

cpe:2.3:a:nextcloud:nextcloud_server:25.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28844

Products

Pricing

Contact Us