CVE-2022-31118
published 2022-08-04

Priority: P4 27
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.60% (44.1th percentile)

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | nextcloud_server | < 22.2.9 | 22.2.9 |
| nextcloud | nextcloud_server | < 22.2.7 | 22.2.7 |
| nextcloud | nextcloud_server | >= 23.0.0 < 23.0.6 | 23.0.6 |
| nextcloud | nextcloud_server | >= 23.0.0 < 23.0.4 | 23.0.4 |
| nextcloud | nextcloud_server | >= 24.0.0 < 24.0.2 | 24.0.2 |
| nextcloud | security-advisories | < 22.2.7 | 22.2.7 |
| nextcloud | security-advisories | | |