CVE-2022-31120

Опубликовано: 04 авг. 2022

Источник: nvd

CVSS3: 2.1

CVSS3: 2.7

EPSS Низкий

Описание

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x
Third Party Advisory
https://github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a5831be8655
Patch
Third Party Advisory
https://portal.nextcloud.com/article/using-the-audit-log-44.html
Vendor Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x
Third Party Advisory
https://github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a5831be8655
Patch
Third Party Advisory
https://portal.nextcloud.com/article/using-the-audit-log-44.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 22.2.7 (исключая)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия от 23.0.0 (включая) до 23.0.4 (исключая)

EPSS

Процентиль: 58%

0.00378

Низкий

2.1 Low

CVSS3

2.7 Low

CVSS3

Дефекты

CWE-778

NVD-CWE-Other

Связанные уязвимости

CVE-2022-31120

CVSS3: 2.1

debian

почти 3 года назад

Nextcloud server is an open source personal cloud solution. The audit ...

EPSS

Процентиль: 58%

0.00378

Низкий

2.1 Low

CVSS3

2.7 Low

CVSS3

Дефекты

CWE-778

NVD-CWE-Other