CVE-2022-39329

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 23.0.9 Nextcloud Enterprise Server versions prior to 24.0.5

Description The issue concerns exposure of information that cannot be controlled by administrators without direct database access. This affects Nextcloud Server and Nextcloud Enterprise Server.

Recommendations For Nextcloud Server versions prior to 23.0.9, update to version 23.0.9 to resolve the issue. For Nextcloud Enterprise Server versions prior to 24.0.5, update to version 24.0.5 to resolve the issue.

Exploit

Fix

Improper Access Control

Missing Authorization

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862CWE-285

Related Identifiers

ALT-PU-2022-2949

ALT-PU-2023-1056

CVE-2022-39329

GHSA-8F3P-RCM5-MRG3

Affected Products

Alt Linux

Nextcloud Enterprise Server

Nextcloud Server

CVE-2022-39329

Weakness Enumeration

Related Identifiers

Affected Products

References · 7