CVE-2023-28643 Information

Description

Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name while a memory cache is configured the second share will replace the first one instead of being renamed to name (2). It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user.

Reference

https://github.com/nextcloud/server/issues/34015 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhq4-4pr8-wm27 https://github.com/nextcloud/server/pull/36047