CVE-2022-39329

CWE-284Improper Access ControlCWE-285CWE-862Missing Authorization2 documents2 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 61.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nextcloud Security-advisoriesNextcloud Nextcloud Enterprise ServerNextcloud Nextcloud Server
Timeline
PublishedOct 27

Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages3 packages

NVDnextcloud/nextcloud_enterprise_server24.0.024.0.5+1
NVDnextcloud/nextcloud_server24.0.024.0.5+1
CVEListV5nextcloud/security-advisories< 23.0.9+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Profile of disabled user stays accessible2022-10-27
CVE-2022-39329 (MEDIUM CVSS 5.3) | Nextcloud Server is the file server | cvebase.io