CVE-2022-39330

CWE-400 — Uncontrolled Resource Consumption2 documents2 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 47.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Security-advisories Nextcloud Nextcloud Enterprise Server Nextcloud Nextcloud Server

Timeline

PublishedOct 27

Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, d…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶NVDnextcloud/nextcloud_enterprise_server23.0.0 — 23.0.10+2

▶NVDnextcloud/nextcloud_server24.0.0 — 24.0.6+1

▶CVEListV5nextcloud/security-advisories< 22.2.10+2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Database resource exhaustion for logged-in users via sharee recommendations with circles↗2022-10-27

▶