First published: Thu Mar 30 2023
Nextcloud Server is an open source home cloud implementation. In affected versions, when a recipient receives two shares with the same name while a memory cache is configured, the second share replaces the first one instead of being renamed to `{name} (2)`. It is recommended that Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing two folders with the same name to the same user.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nextcloud Nextcloud Server | >=24.0.0, <24.0.9 | Upgrade to 24.0.9 |
Nextcloud Nextcloud Server | >=25.0.0, <25.0.3 | Upgrade to 25.0.3 |
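
The following Python check is an added example, not code from the advisory or from the Nextcloud project. It combines the three conditions the description names (an affected version, a configured memory cache, and one recipient receiving two shares with the same name) to list the shares that the stated workaround says to avoid. The function names, the `(owner, recipient, path)` share tuples and the sample data are assumptions constructed for illustration; how the share list and cache setting are obtained from an instance is left to the operator.

```python
import re
from collections import defaultdict

# Affected ranges from the advisory table: low <= version < high.
AFFECTED = [((24, 0, 0), (24, 0, 9)), ((25, 0, 0), (25, 0, 3))]

# Constructed sample data: (owner, recipient, shared folder path).
SAMPLE_SHARES = [
    ("alice", "carol", "/Projects/Reports"),
    ("bob", "carol", "/Archive/Reports"),
    ("alice", "dave", "/Projects/Reports"),
    ("bob", "carol", "/Photos"),
]

def parse_version(text):
    """Return (major, minor, patch); any fourth build component is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED)

def colliding_shares(shares):
    """Map (recipient, folder name) -> shares, for names received 2+ times."""
    groups = defaultdict(list)
    for owner, recipient, path in shares:
        # Only the last path component is the name the recipient sees.
        name = path.rstrip("/").rsplit("/", 1)[-1]
        groups[(recipient, name)].append((owner, path))
    return {key: items for key, items in groups.items() if len(items) > 1}

def exposure(version, memcache_configured, shares):
    """Return colliding shares only when all advisory conditions hold."""
    if not (is_affected(version) and memcache_configured):
        return {}
    return colliding_shares(shares)

if __name__ == "__main__":
    for (recipient, name), items in exposure("25.0.2", True, SAMPLE_SHARES).items():
        print(f"{recipient} receives {len(items)} shares named {name!r}: {items}")
```
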
The severity of CVE-2023-28643 is high with a CVSS score of 8.8.
CVE-2023-28643 affects Nextcloud Server versions from 24.0.0 up to but not including 24.0.9, as well as versions from 25.0.0 up to but not including 25.0.3.
To fix CVE-2023-28643, it is recommended to update Nextcloud Server to 24.0.9 or 25.0.3 or later, depending on the affected version.
The Common Weakness Enumeration (CWE) ID associated with CVE-2023-28643 is CWE-706.
You can find more information about CVE-2023-28643 on the GitHub security advisories page and the Nextcloud Server GitHub repository.