Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1.
References
Link | Resource |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5vw6-6prg-gvw6 | Third Party Advisory |
https://github.com/nextcloud/server/pull/30615 | Third Party Advisory |
https://hackerone.com/reports/1403614 | Exploit Third Party Advisory |
https://security.gentoo.org/glsa/202208-17 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-04-27T14:35:13
Updated: 2022-08-11T00:07:42
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24889
NVD Information
Status: Analyzed
Published: 2022-04-27T15:15:09.127
Modified: 2022-10-25T20:51:54.667
Link: CVE-2022-24889
Redhat Information
No data.
CWE