PT-2022-16958 · Nextcloud+1 · Nextcloud Server+1
David_H1
·
Published
2022-04-27
·
Updated
2023-07-06
·
CVE-2022-24888
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1
Description
The issue allows creating files and folders with leading and trailing
, r, t, and v characters. The server rejects these characters when they appear in the middle of file or folder names, which might provide an opportunity for injection.Recommendations
For versions prior to 20.0.14.4, update to version 20.0.14.4 or later.
For versions prior to 21.0.8, update to version 21.0.8 or later.
For versions prior to 22.2.4, update to version 22.2.4 or later.
For versions prior to 23.0.1, update to version 23.0.1 or later.
Exploit
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Nextcloud Server