Headline
CVE-2023-45151: OAuth2 client_secret stored in plain text in the database
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.
Package
Server (Nextcloud)
Affected versions
>= 25.0.0, >= 26.0.0, >= 27.0.0
Patched versions
25.0.8, 26.0.3, 27.0.1
Server (Nextcloud Enterprise)
>= 25.0.0, >= 26.0.0, >= 27.0.0
Description
Impact
An attacker who gained access to the database, or to a backup of it, could use the stored client secrets to make use of the OAuth2 logins on third-party services linked with the Nextcloud server.
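As an added illustration of the hardened pattern (not Nextcloud's own code or its fix), the following stores only a salted hash of each client_secret, so that the database-dump scenario above yields nothing a client could present; the table name and key-derivation parameters are constructed placeholders, and hashing is only appropriate when the server never needs to display the secret again (otherwise encrypt at rest with a key kept outside the database).

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed in-memory table standing in for the OAuth2 client registry.
db = sqlite3.connect(":memory:")
db.execute(
    "CREATE TABLE oauth2_clients "
    "(client_id TEXT PRIMARY KEY, salt BLOB NOT NULL, secret_hash BLOB NOT NULL)"
)

ITERATIONS = 200_000  # placeholder work factor; tune for the deployment


def _derive(secret: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 of the presented secret under a per-client salt.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=32)


def register_client(client_id: str) -> str:
    """Register a client and return its plaintext secret exactly once.

    Only salt + hash are persisted; the plaintext never reaches the database,
    which is the property the advisory's affected versions lacked.
    """
    secret = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    db.execute(
        "INSERT INTO oauth2_clients VALUES (?, ?, ?)",
        (client_id, salt, _derive(secret, salt)),
    )
    return secret


def verify_client(client_id: str, presented: str) -> bool:
    """Check a secret presented at the token endpoint in constant time."""
    row = db.execute(
        "SELECT salt, secret_hash FROM oauth2_clients WHERE client_id = ?",
        (client_id,),
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(_derive(presented, salt), stored)


def dump_exposes_secret(client_id: str, secret: str) -> bool:
    """Model the advisory's threat: read the raw row as a DB/backup holder would.

    Returns True only if the plaintext secret is recoverable from the stored columns."""
    row = db.execute("SELECT * FROM oauth2_clients WHERE client_id = ?", (client_id,)).fetchone()
    return any(col == secret or col == secret.encode() for col in row)
```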
Patches
It is recommended that the Nextcloud Server is upgraded to 25.0.8, 26.0.3 or 27.0.1.
It is recommended that the Nextcloud Enterprise Server is upgraded to 25.0.8, 26.0.3 or 27.0.1.
Workarounds
- No workaround available
References
- HackerOne
- PullRequest
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at portal.nextcloud.com