How severe is CVE-2023-28834?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2023-28834?

This is classified as CWE-212, which is a common weakness in software security.

CVE-2023-28834 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds.

Related Vulnerabilities

CVE-2019-19362

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved with...

CWE-2122019

CVE-2022-4734

MEDIUM

CVSS:4.3(Medium)

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.

CWE-2122022

CVE-2025-20118

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this...

CWE-2122025

CVE-2021-33082

MEDIUM

CVSS:4.6(Medium)

Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information di...

CWE-2122021

CVE-2025-48708

MEDIUM

CVSS:4.0(Medium)

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

CWE-2122025

CVE-2024-6055

MEDIUM

CVSS:4.7(Medium)

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings t...

CWE-2122024