PT-2022-19422 · Nextcloud+1 · Nextcloud Server+1

Michag86

Published

2022-05-20

Updated

2022-09-02

CVE-2022-29163

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 22.2.6 Nextcloud Server versions prior to 23.0.3

Description The issue allows a user to create a link that is not password protected, even if the administrator requires links to be password protected. There are currently no known workarounds for this issue.

Recommendations For versions prior to 22.2.6, update to version 22.2.6 to resolve the issue. For versions prior to 23.0.3, update to version 23.0.3 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-671

Related Identifiers

ALT-PU-2022-2504

ALT-PU-2022-2555

CVE-2022-29163

GHSA-PWJV-H37V-C4FX

Affected Products

Alt Linux

Nextcloud Server

PT-2022-19422 · Nextcloud+1 · Nextcloud Server+1

CVE-2022-29163

Weakness Enumeration

Related Identifiers

Affected Products

References · 8