CVE-2023-25162 - Vulnerability Details - OpenCVE

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:nextcloud:nextcloud_server::::::::

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m
https://github.com/nextcloud/server/pull/34160
https://hackerone.com/reports/1702864

History

Mon, 10 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-13T20:34:29.201Z

Updated: 2025-03-10T21:12:37.219Z

Reserved: 2023-02-03T16:59:18.245Z

Link: CVE-2023-25162

Vulnrichment

Updated: 2024-08-02T11:18:35.583Z

NVD

Status : Modified

Published: 2023-02-13T21:15:15.140

Modified: 2024-11-21T07:49:13.767

Link: CVE-2023-25162

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25162", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-03T16:59:18.245Z", "datePublished": "2023-02-13T20:34:29.201Z", "dateUpdated": "2025-03-10T21:12:37.219Z"}, "containers": {"cna": {"title": "Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m"}, {"name": "https://github.com/nextcloud/server/pull/34160", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/pull/34160"}, {"name": "https://hackerone.com/reports/1702864", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1702864"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "< 23.0.12", "status": "affected"}, {"version": ">= 24.0.0, < 24.0.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-13T20:34:29.201Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available."}], "source": {"advisory": "GHSA-mqrx-grp7-244m", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:35.583Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m"}, {"name": "https://github.com/nextcloud/server/pull/34160", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/server/pull/34160"}, {"name": "https://hackerone.com/reports/1702864", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1702864"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T21:01:55.950173Z", "id": "CVE-2023-25162", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:12:37.219Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/nextcloud/server/pull/34160", "name": "https://github.com/nextcloud/server/pull/34160", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://hackerone.com/reports/1702864", "name": "https://hackerone.com/reports/1702864", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:35.583Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25162", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T21:01:55.950173Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:01:57.956Z"}}], "cna": {"title": "Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs", "source": {"advisory": "GHSA-mqrx-grp7-244m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"status": "affected", "version": "< 23.0.12"}, {"status": "affected", "version": ">= 24.0.0, < 24.0.8"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nextcloud/server/pull/34160", "name": "https://github.com/nextcloud/server/pull/34160", "tags": ["x_refsource_MISC"]}, {"url": "https://hackerone.com/reports/1702864", "name": "https://hackerone.com/reports/1702864", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-13T20:34:29.201Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25162", "state": "PUBLISHED", "dateUpdated": "2025-03-10T21:12:37.219Z", "dateReserved": "2023-02-03T16:59:18.245Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-02-13T20:34:29.201Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B50151BE-566E-4F7F-BFF5-CDBA5A0AE4B8", "versionEndExcluding": "23.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7827F3FA-9D17-4915-90CB-B3652E310F0E", "versionEndExcluding": "24.0.8", "versionStartIncluding": "24.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available."}], "id": "CVE-2023-25162", "lastModified": "2024-11-21T07:49:13.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-13T21:15:15.140", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/nextcloud/server/pull/34160"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/1702864"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mqrx-grp7-244m"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/nextcloud/server/pull/34160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/1702864"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}