Document content of files can be obtained through Collabora for files of other users

Moderate
miaulalala published GHSA-64xc-r58v-53gj Feb 8, 2023

Package

Office (Richdocuments) (Nextcloud)

Affected versions

< 7.0.2, < 6.3.2, < 5.0.10, < 4.2.9, < 3.8.7

Patched versions

7.0.2, 6.3.2, 5.0.10, 4.2.9, 3.8.7

Description

Impact

When Collabora is tricked into reusing a valid access token together with the file id of another user's file, a copy of that file can be obtained without proper permission validation. As a result, any user with access to Collabora can obtain the contents of other users' files.
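The following is an added illustration, not code from the richdocuments app: a minimal, hypothetical model of a WOPI-style access-token lookup in which the "vulnerable" variant only checks that the token exists and trusts the caller-supplied file id, while the "fixed" variant requires the token to be bound to that exact file id and re-checks the user's permission. All names and the sample files are constructed for this example.

```python
# Added example (hypothetical model, not richdocuments code) of the
# token-to-file binding check that the advisory describes as missing.
from dataclasses import dataclass
from typing import Callable, Dict, Set
import secrets


@dataclass(frozen=True)
class AccessToken:
    user: str
    file_id: int  # the single file this token was issued for


# Constructed sample data: two files with distinct owners.
FILES: Dict[int, Dict[str, bytes]] = {
    1: {"content": b"alice's document"},
    2: {"content": b"bob's private notes"},
}
READERS: Dict[int, Set[str]] = {1: {"alice"}, 2: {"bob"}}  # who may read each file
TOKENS: Dict[str, AccessToken] = {}  # token string -> binding


def issue_token(user: str, file_id: int) -> str:
    """Issue a token only to a user who is allowed to read file_id."""
    if user not in READERS.get(file_id, set()):
        raise PermissionError("user may not open this file")
    token = secrets.token_hex(16)
    TOKENS[token] = AccessToken(user, file_id)
    return token


def get_file_vulnerable(token: str, file_id: int) -> bytes:
    """Bug modelled here: the token is valid, so the requested file id is trusted."""
    if token not in TOKENS:
        raise PermissionError("invalid token")
    return FILES[file_id]["content"]  # no check that token was issued for file_id


def get_file_fixed(token: str, file_id: int) -> bytes:
    """Fixed: the token must be bound to this file id and the user still permitted."""
    binding = TOKENS.get(token)
    if binding is None or binding.file_id != file_id:
        raise PermissionError("token is not valid for this file")
    if binding.user not in READERS.get(file_id, set()):
        raise PermissionError("user may not read this file")
    return FILES[file_id]["content"]


def can_read(getter: Callable[[str, int], bytes], token: str, file_id: int) -> bool:
    """Helper: True if getter hands out the file for this token/file id pair."""
    try:
        getter(token, file_id)
        return True
    except PermissionError:
        return False
```

With a token issued to alice for file 1, the vulnerable lookup also returns file 2, while the fixed lookup refuses it.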

Patches

It is recommended that the Nextcloud Office app (Collabora integration) be updated to

7.0.2 (Nextcloud 25)
6.3.2 (Nextcloud 24)
5.0.10 (Nextcloud 23)
4.2.9 (Nextcloud 21-22)
3.8.7 (Nextcloud 15-20)

Workarounds

No workaround available

For more information

If you have any questions or comments about this advisory:

Severity

Moderate, 5.8 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

CVE ID

CVE-2023-25150