CVE-2022-39329

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
GitHub_MCNA
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
nextcloudnextcloud_enterprise_server
𝑥
< 23.0.9
nextcloudnextcloud_enterprise_server
24.0.0 ≤
𝑥
< 24.0.5
nextcloudnextcloud_server
𝑥
< 23.0.9
nextcloudnextcloud_server
24.0.0 ≤
𝑥
< 24.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rcm5-mrg3
https://github.com/nextcloud/server/pull/33643
https://hackerone.com/reports/1675014
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rcm5-mrg3
https://github.com/nextcloud/server/pull/33643
https://hackerone.com/reports/1675014