CVE-2022-24889Insufficient Verification of Data Authenticity in Security-advisories

CWE-345Insufficient Verification of Data Authenticity2 documents2 sources
Severity
4.3MEDIUMNVD
CNA2.4
EPSS
0.2%
top 63.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Server
Timeline
PublishedApr 27

Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server22.0.022.2.4+2
CVEListV5nextcloud/security-advisories< 21.0.8+2

🔴Vulnerability Details

1
CVEList
Insufficient Verification of Data Authenticity in Nextcloud Server2022-04-27
CVE-2022-24889 — Security-advisories vulnerability | cvebase