Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22212

Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.

Published

2024-01-18T19:15:10.353

Last Modified

2024-11-21T08:55:48.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

Weaknesses

Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	global_site_selector	< 1.4.1	Yes
Application	nextcloud	global_site_selector	< 2.1.2	Yes
Application	nextcloud	global_site_selector	< 2.3.4	Yes
Application	nextcloud	global_site_selector	< 2.4.5	Yes

References

https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77 Patch, Vendor Advisory ([email protected])
https://hackerone.com/reports/2248689 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2248689 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)