Nextcloud Vulnerabilidad

Cronología

Escribe

Cloud Software	181
Android App Software	20
Calendar Software	5
iOS App Software	2
Automation Software	1

Producto

Nextcloud Server	85
Nextcloud Enterprise Server	26
Nextcloud Talk	17
Nextcloud Desktop Client	17
Nextcloud App	16

Contramedidas

Official Fix	193
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	17

Explotabilidad

High	0
Functional	0
Proof-of-Concept	0
Unproven	0
Not Defined	210

Vector de acceso

Not Defined	0
Physical	14
Local	20
Adjacent	10
Network	166

Autenticación

Not Defined	0
High	25
Low	138
None	47

La interacción del usuario

Not Defined	0
Required	95
None	115

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	13
≤4	46
≤5	61
≤6	50
≤7	24
≤8	12
≤9	3
≤10	1

CVSSv3 Temp

≤1	0
≤2	0
≤3	18
≤4	42
≤5	62
≤6	51
≤7	27
≤8	6
≤9	3
≤10	1

VulDB

≤1	0
≤2	4
≤3	24
≤4	74
≤5	39
≤6	38
≤7	19
≤8	11
≤9	0
≤10	1

NVD

≤1	0
≤2	0
≤3	6
≤4	6
≤5	26
≤6	28
≤7	26
≤8	18
≤9	9
≤10	8

CNA

≤1	0
≤2	2
≤3	17
≤4	31
≤5	27
≤6	22
≤7	12
≤8	5
≤9	10
≤10	2

Proveedor

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Explotar día 0

<1k	66
<2k	113
<5k	31
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Explotar hoy

<1k	210
<2k	0
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Explotar el volumen del mercado

🔴 CTI Ocupaciones

Affected Products (42): Android (1), App (16), App Extract (1), Calendar (4), Calendar App (1), Circle (1), Circles (1), Client (2), Collabra (1), Contacts (5), Cookbook (1), Deck (13), Desktop (4), Desktop Client (17), Dialogs Library (1), End-to-End Encryption (1), End-to-end Encryption App (1), Enterprise Server (28), Files (1), Files Access Control (1), Files Automated Tagging App (1), Files ZIP (1), Global Site Selector (1), Guests (2), Lookup-Server (1), Mail (11), Mail Application (1), NextcloudPi (1), Office (1), OfficeOnline (1), Office Richdocuments (1), Password Policy (1), Preferred Providers App (1), Richdocuments (4), Server (88), Social (1), Social App (1), Talk (17), Talk-Android (1), Text (2), User Saml (1), news-android (1)

Fecha de publicación	Base	Temp	Vulnerabilidad	Prod	Exp	Con	EPSS	CTI	CVE
2024-03-29	9.9	9.7	Nextcloud NextcloudPi Web-Panel escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00043	0.04	CVE-2024-30247
2024-01-18	4.2	4.2	NextCloud Files ZIP ZIP Archive escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00053	0.02	CVE-2024-22404
2024-01-18	5.9	5.7	NextCloud Guests Request URL Privilege Escalation	Cloud Software	Not Defined	Official Fix	0.00053	0.05	CVE-2024-22402
2024-01-18	4.2	4.2	NextCloud Guests Allowed Apps List escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00053	0.04	CVE-2024-22401
2024-01-18	3.9	3.9	NextCloud Deck Organization cross site scripting	Cloud Software	Not Defined	Official Fix	0.00051	0.00	CVE-2024-22213
2024-01-18	4.1	4.1	NextCloud User Saml Link Redirect	Cloud Software	Not Defined	Official Fix	0.00052	0.00	CVE-2024-22400
2024-01-18	8.6	8.5	NextCloud Global Site Selector autenticación débil	Cloud Software	Not Defined	Official Fix	0.00097	0.05	CVE-2024-22212
2024-01-18	3.1	3.1	NextCloud Server OAuth2 divulgación de información	Cloud Software	Not Defined	Official Fix	0.00051	0.00	CVE-2024-22403
2023-12-22	4.3	4.2	Nextcloud Files autenticación débil	iOS App Software	Not Defined	Official Fix	0.00046	0.02	CVE-2023-49790
2023-12-22	6.4	6.2	Nextcloud Server/Enterprise Server autenticación débil	Cloud Software	Not Defined	Official Fix	0.00053	0.02	CVE-2023-49791
2023-12-22	6.3	6.2	Nextcloud Server/Enterprise Server divulgación de información	Cloud Software	Not Defined	Official Fix	0.00068	0.03	CVE-2023-49792
2023-12-22	4.2	4.2	Nextcloud Calendar divulgación de información	Calendar Software	Not Defined	Official Fix	0.00049	0.00	CVE-2023-48308
2023-11-22	5.6	5.6	Nextcloud Mail escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00068	0.04	CVE-2023-48307
2023-11-22	4.1	4.1	Nextcloud Server/Enterprise Server HTML Code cross site scripting	Cloud Software	Not Defined	Official Fix	0.00053	0.00	CVE-2023-48302
2023-11-22	3.1	3.0	Nextcloud Server/Enterprise Server user_ldap App cifrado débil	Cloud Software	Not Defined	Official Fix	0.00045	0.00	CVE-2023-48305
2023-11-22	7.3	7.2	Nextcloud Server/Enterprise Server External Storage escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00052	0.02	CVE-2023-48239
2023-11-22	4.1	4.1	Nextcloud Server/Enterprise Server Search UI cross site scripting	Cloud Software	Not Defined	Official Fix	0.00051	0.00	CVE-2023-48301
2023-11-22	4.3	4.2	Nextcloud Server/Enterprise Server Birthday Calendar escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00051	0.03	CVE-2023-48304
2023-11-22	2.5	2.5	Nextcloud Server/Enterprise Server External Storage escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00053	0.00	CVE-2023-48303
2023-11-22	6.4	6.3	Nextcloud Server/Enterprise Server DNS Pin Middleware escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00068	0.03	CVE-2023-48306
2023-10-16	4.3	4.2	Nextcloud Calendar Email Address denegación de servicio	Calendar Software	Not Defined	Official Fix	0.00051	0.00	CVE-2023-45150
2023-10-16	4.3	4.2	Nextcloud Mail Proxy Endpoint escalada de privilegios	Cloud Software	Not Defined	Official Fix	0.00053	0.02	CVE-2023-45660
2023-10-16	3.7	3.6	Nextcloud Talk divulgación de información	Cloud Software	Not Defined	Official Fix	0.00053	0.00	CVE-2023-45149
2023-10-16	6.0	6.0	Nextcloud Server cifrado débil	Cloud Software	Not Defined	Official Fix	0.00060	0.03	CVE-2023-45151
2023-10-13	5.2	5.2	Nextcloud Server/Enterprise Server WebDAV API divulgación de información	Cloud Software	Not Defined	Official Fix	0.00064	0.04	CVE-2023-39960

Nextcloud Vulnerabilidad

Cronología

Escribe

Producto

Contramedidas

Explotabilidad

Vector de acceso

Autenticación

La interacción del usuario

C3BM Index

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

Proveedor

Research

Explotar día 0

Explotar hoy

Explotar el volumen del mercado

🔴 CTI Ocupaciones

🔒 Login Required

Are you interested in using VulDB?