Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31120

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.

Published

2022-08-04T17:15:08.520

Last Modified

2024-11-21T07:03:56.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.1 (LOW)

Weaknesses

Type: Secondary
CWE-778
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 22.2.7	Yes
Application	nextcloud	nextcloud_server	< 23.0.4	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x Third Party Advisory ([email protected])
https://github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a5831be8655 Patch, Third Party Advisory ([email protected])
https://portal.nextcloud.com/article/using-the-audit-log-44.html Vendor Advisory ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a5831be8655 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://portal.nextcloud.com/article/using-the-audit-log-44.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)