Skip to content

Secure view can be bypassed by using internal API endpoint

Moderate
julien-nc published GHSA-95j6-p5cj-5hh5 Mar 31, 2023

Package

richdocuments (Nextcloud)

Affected versions

>= 7.0.0, >= 6.0.0

Patched versions

7.0.2, 6.3.2

Description

Impact

The secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app.

Patches

It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2.

Mitigation

To enforce the confidentiality of your files it is crucial to restrict the ability to download the documents.
This includes ensuring that your WOPI configuration is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.

Workarounds

  • No workaround available

References

For more information

If you have any questions or comments about this advisory:

Severity

Moderate
5.7
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVE ID

CVE-2023-28645

Weaknesses

Credits