Vulnerability Monitor


CVE-2022-31118


Nextcloud Server is an open source personal cloud solution. In affected versions an attacker could use brute force to determine whether federated sharing is in use, and could potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that Nextcloud Server be upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.


Published

2022-08-04T17:15:08.440

Last Modified

2024-11-21T07:03:55.947

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-770
  • Type: Primary
    CWE-307

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | nextcloud | nextcloud_server | < 22.2.9 | Yes |
| Application | nextcloud | nextcloud_server | < 23.0.6 | Yes |
| Application | nextcloud | nextcloud_server | < 24.0.2 | Yes |

References