PT-2022-20543 · Nextcloud+1 · Nextcloud Server+1

Nickvergessen · Published 2022-08-04 · Updated 2022-09-02 · CVE-2022-31120

CVSS v3.1: 2.1 (Low)

Vector: AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Server versions prior to 22.2.7
Nextcloud Server versions prior to 23.0.4
Nextcloud Server versions prior to 24.0.0

Description

The issue concerns the audit log in Nextcloud Server, which is used to track actions but was not properly populated with federated share events. This incomplete logging could allow brute force attacks to go unnoticed, exacerbating the impact of related security issues.

Recommendations

For versions prior to 22.2.7, upgrade to version 22.2.7 or later.
For versions prior to 23.0.4, upgrade to version 23.0.4 or later.
For versions prior to 24.0.0, upgrade to version 24.0.0 or later.


Related Identifiers

ALT-PU-2022-2504
ALT-PU-2022-2555
CVE-2022-31120
GHSA-9QVG-7FWG-722X

Affected Products

Alt Linux
Nextcloud Server