PT-2022-24812 · Nextcloud+1 · Nextcloud Server+2
Nickvergessen
·
Published
2022-08-26
·
Updated
2022-09-21
·
CVE-2022-39211
CVSS v3.1
3.0
Low
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 23.0.8
Nextcloud Server versions prior to 24.0.4
Nextcloud Enterprise Server versions prior to 22.2.10.4
Nextcloud Enterprise Server versions prior to 23.0.8
Nextcloud Enterprise Server versions prior to 24.0.4
Description
The issue concerns locally running webservices that can be found and requested erroneously. There are no known workarounds for this issue.
Recommendations
For Nextcloud Server versions prior to 23.0.8, upgrade to 23.0.8 or 24.0.4.
For Nextcloud Enterprise Server versions prior to 22.2.10.4, upgrade to 22.2.10.4, 23.0.8 or 24.0.4.
For Nextcloud Enterprise Server versions prior to 23.0.8, upgrade to 23.0.8 or 24.0.4.
For Nextcloud Enterprise Server versions prior to 24.0.4, upgrade to 24.0.4.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Nextcloud Enterprise Server
Nextcloud Server