PT-2022-20542 · Nextcloud · Nextcloud Mail
Nickvergessen · Published 2022-08-04 · Updated 2022-08-10
CVE-2022-31119
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Mail versions prior to 1.12.1
Description
The issue affects Nextcloud Mail, an email application for the Nextcloud personal cloud product. In the event of a misconfiguration, affected versions of Nextcloud Mail would log user passwords to disk. If an attacker gains access to these logs, they could obtain complete access to the affected accounts.
Recommendations
For versions prior to 1.12.1, upgrade Nextcloud Mail to version 1.12.1.
Inspect logs and remove any passwords that have been logged due to misconfiguration.
As a temporary measure, consider closely monitoring log access to minimize the risk of exploitation.
Weakness Enumeration
Insertion into Log File
Affected Products
Nextcloud Mail