CVE-2022-39346
published 2022-11-25CVE-2022-39346: Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a…
PriorityP431medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
0.99%
58.1th percentile
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| nextcloud | nextcloud_enterprise_server | < 22.2.10 | 22.2.10 |
| nextcloud | nextcloud_enterprise_server | >= 23.0.0 < 23.0.7 | 23.0.7 |
| nextcloud | nextcloud_enterprise_server | >= 24.0.0 < 24.0.3 | 24.0.3 |
| nextcloud | nextcloud_server | < 22.2.10 | 22.2.10 |
| nextcloud | nextcloud_server | >= 23.0.0 < 23.0.7 | 23.0.7 |
| nextcloud | nextcloud_server | >= 24.0.0 < 24.0.3 | 24.0.3 |
| nextcloud | security-advisories | < 22.2.10 | 22.2.10 |
| nextcloud | security-advisories | — | — |
| nextcloud | security-advisories | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6https://github.com/nextcloud/server/pull/33052https://hackerone.com/reports/1588562https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TARDPRPBTI5TJRBYRVVQGTL6KWRCV5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R32L3P53AQKQQC652LA5U3AWFTZKPDK3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAER4DCCHHSUDFHQ6LTIH4JEJFF73IU/https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6https://github.com/nextcloud/server/pull/33052https://hackerone.com/reports/1588562https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TARDPRPBTI5TJRBYRVVQGTL6KWRCV5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R32L3P53AQKQQC652LA5U3AWFTZKPDK3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAER4DCCHHSUDFHQ6LTIH4JEJFF73IU/
2022-11-25
Published