CVE-2022-35931
Published 2022-09-06
Priority P4 8 | low | 2.7 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.37% (28.9th percentile)
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3, the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | password_policy | < 22.2.10 | 22.2.10 |
| nextcloud | password_policy | >= 23.0.0 < 23.0.7 | 23.0.7 |
| nextcloud | password_policy | >= 24.0.0 < 24.0.3 | 24.0.3 |
| nextcloud | security-advisories | < 22.2.10 | 22.2.10 |
| nextcloud | security-advisories | — | — |
| nextcloud | security-advisories | — | — |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.