CVE-2023-28643
MEDIUMDescription
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to `{name} (2)`. It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user.
How to fix
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Exploit Intelligence
Moderate risk: more likely to be exploited than 52% of all known CVEs.
References
Embed a live status badge for CVE-2023-28643
Markdown
[](https://tridentstack.com/cve/CVE-2023-28643)HTML
<a href="https://tridentstack.com/cve/CVE-2023-28643"><img src="https://tridentstack.com/cve/badge/CVE-2023-28643.svg" alt="CVE-2023-28643"></a>Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.