CVE-2022-39346
published 2022-11-25

Priority P431 | medium | 6.5 | CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.99% (58.1th percentile)

Nextcloud Server is an open source personal cloud server. Affected versions of Nextcloud Server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that Nextcloud Server be upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| nextcloud | nextcloud_enterprise_server | < 22.2.10 | 22.2.10 |
| nextcloud | nextcloud_enterprise_server | >= 23.0.0 < 23.0.7 | 23.0.7 |
| nextcloud | nextcloud_enterprise_server | >= 24.0.0 < 24.0.3 | 24.0.3 |
| nextcloud | nextcloud_server | < 22.2.10 | 22.2.10 |
| nextcloud | nextcloud_server | >= 23.0.0 < 23.0.7 | 23.0.7 |
| nextcloud | nextcloud_server | >= 24.0.0 < 24.0.3 | 24.0.3 |
| nextcloud | security-advisories | < 22.2.10 | 22.2.10 |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |