Bug 1208591 (CVE-2023-25579) - VUL-0: CVE-2023-25579: nextcloud: Potential directory traversal in OC\Files\Node\Folder::getFullPath
Status: RESOLVED FIXED
Alias: CVE-2023-25579
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Eric Schirra
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/357944/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-23 07:55 UTC by Thomas Leroy
Modified: 2024-04-16 08:15 UTC
CC List: 1 user

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Thomas Leroy 2023-02-23 07:55:15 UTC
CVE-2023-25579

Nextcloud server is a self-hosted home cloud product. In affected versions the
`OC\Files\Node\Folder::getFullPath()` function was validating and normalizing
the string in the wrong order. The function is used in the `newFile()` and
`newFolder()` items, which may allow the creation of paths outside of one's own
space and the overwriting of data from other users with crafted paths. This issue has
been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to
upgrade. There are no known workarounds for this issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25579
https://github.com/nextcloud/server/pull/35074
https://www.cve.org/CVERecord?id=CVE-2023-25579
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-273v-9h7x-p68v
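The ordering bug the advisory describes, as an added illustration that is not Nextcloud's code and not part of this bug report: a validator that rejects literal ".." segments is run before a normaliser that rewrites separators, so a crafted string passes the check and only afterwards turns into a traversal. The helper names (isValidPath, normalizePath, getFullPathVulnerable, getFullPathFixed), the simplified validation and normalisation rules, and the sample user root and input are all assumptions made for the example.

```php
<?php
// Added example of validate-before-normalize (vulnerable) versus
// normalize-before-validate (fixed). Not Nextcloud's implementation: the
// helpers below are deliberately simplified stand-ins with assumed names.

declare(strict_types=1);

/** Assumed validator: reject any path that contains "/../" or ends in "/..". */
function isValidPath(string $path): bool
{
    if ($path === '' || $path[0] !== '/') {
        $path = '/' . $path;
    }
    if (strpos($path, '/../') !== false || substr($path, -3) === '/..') {
        return false;
    }
    return true;
}

/**
 * Assumed normaliser: backslashes become slashes, repeated slashes collapse,
 * a leading slash is enforced and a trailing slash is stripped.
 */
function normalizePath(string $path): string
{
    $path = str_replace('\\', '/', $path);
    $path = preg_replace('#/+#', '/', $path);
    if ($path === '' || $path[0] !== '/') {
        $path = '/' . $path;
    }
    if (strlen($path) > 1 && substr($path, -1) === '/') {
        $path = substr($path, 0, -1);
    }
    return $path;
}

/** Vulnerable order: the raw input is validated, then normalised. */
function getFullPathVulnerable(string $base, string $path): string
{
    if (!isValidPath($path)) {
        throw new RuntimeException('Invalid path');
    }
    return $base . normalizePath($path);
}

/** Fixed order: normalise first so the validator sees the canonical form. */
function getFullPathFixed(string $base, string $path): string
{
    $path = normalizePath($path);
    if (!isValidPath($path)) {
        throw new RuntimeException('Invalid path');
    }
    return $base . $path;
}

$base    = '/alice/files';                       // constructed sample user root
$crafted = '..\\..\\bob\\files\\notes.txt';      // constructed crafted input
$benign  = 'docs/report.pdf';                    // constructed benign input

// The raw string contains no "/../", so the validator accepts it; normalisation
// then rewrites the backslashes and the result points outside $base.
echo 'vulnerable: ', getFullPathVulnerable($base, $crafted), PHP_EOL;

// With normalisation first, the validator sees "/../../..." and rejects it.
try {
    echo 'fixed: ', getFullPathFixed($base, $crafted), PHP_EOL;
} catch (RuntimeException $e) {
    echo 'fixed: rejected (', $e->getMessage(), ')', PHP_EOL;
}

// A benign relative path is accepted by both orderings.
echo 'benign: ', getFullPathFixed($base, $benign), PHP_EOL;
```

Run it with `php example.php`. The first call builds a path whose normalised form contains two `..` segments and therefore resolves outside the user's root, the second call throws before any path is built, and the benign input is accepted by the fixed ordering. The general lesson is the one the advisory states: any check on a path must run on the same canonical form that is later used, so canonicalise first and validate the result.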
Comment 1 Thomas Leroy 2023-02-23 07:56:12 UTC
Only openSUSE:Backports:SLE-15-SP4 should be affected
Comment 2 OBSbugzilla Bot 2023-04-01 10:55:05 UTC
This is an autogenerated message for OBS integration:
This bug (1208591) was mentioned in
https://build.opensuse.org/request/show/1076615 Backports:SLE-15-SP4 / nextcloud
Comment 3 Swamp Workflow Management 2023-04-03 19:05:39 UTC
openSUSE-SU-2023:0083-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1203190,1205802,1208591
CVE References: CVE-2022-35931,CVE-2022-39346,CVE-2023-25579
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    nextcloud-23.0.12-bp154.2.3.1
Comment 4 Eric Schirra 2024-04-16 08:15:50 UTC
Is accepted.