CVE-2022-31120Insufficient Logging in Security-advisories

CWE-778Insufficient Logging2 documents2 sources
Severity
2.7LOWNVD
CNA6.5
EPSS
0.4%
top 40.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Server
Timeline
PublishedAug 4

Description

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server23.0.023.0.4+1
CVEListV5nextcloud/security-advisories< 22.2.7+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Federated share accepting/declining is not logged in audit log in Nextcloud Server2022-08-04
CVE-2022-31120 — Insufficient Logging | cvebase