PT-2022-16959 · Nextcloud+1 · Nextcloud Server+1

Igorpyan · Published 2022-04-27 · Updated 2022-10-25 · CVE-2022-24889

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 21.0.8
Nextcloud Server versions prior to 22.2.4
Nextcloud Server versions prior to 23.0.1

Description
The issue allows attackers to trick administrators into enabling unnecessary "recommended" apps for the Nextcloud server, expanding their attack surface.

Recommendations
For versions prior to 21.0.8, update to version 21.0.8 or later.
For versions prior to 22.2.4, update to version 22.2.4 or later.
For versions prior to 23.0.1, update to version 23.0.1 or later.

Exploit

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

ALT-PU-2022-2504
ALT-PU-2022-2555
CVE-2022-24889
GHSA-5VW6-6PRG-GVW6

Affected Products

Alt Linux
Nextcloud Server