CVE-2022-31119

Опубликовано: 04 авг. 2022

Источник: nvd

CVSS3: 3.1

CVSS3: 4.9

EPSS Низкий

Описание

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.

Ссылки

https://github.com/nextcloud/mail/issues/823
Third Party Advisory
https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg
Third Party Advisory
https://github.com/nextcloud/mail/issues/823
Third Party Advisory
https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*

Версия до 1.12.1 (исключая)

EPSS

Процентиль: 59%

0.00382

Низкий

3.1 Low

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-532

EPSS

Процентиль: 59%

0.00382

Низкий

3.1 Low

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-532