Published: 13/02/2023 Updated: 07/11/2023

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x before 24.0.8 and 25.0.x before 25.0.1, Nextcloud Enterprise Server 24.0.x before 24.0.8 and 25.0.x before 25.0.1, and Nextcloud Office (Richdocuments) App 6.x before 6.3.1 and 7.x before 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nextcloud nextcloud server 25.0.0
nextcloud nextcloud server
nextcloud nextcloud server 24.0.2
nextcloud richdocuments 7.0.0
nextcloud richdocuments

NVD-CWE-noinfo https://github.com/nextcloud/server/pull/34799 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92g2-h5jv-jjmg https://hackerone.com/reports/1745755 https://github.com/nextcloud/richdocuments/pull/2579 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-25159

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect