CVE-2022-35931

Опубликовано: 06 сент. 2022

Источник: nvd

CVSS3: 2.7

EPSS Низкий

Описание

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.

Ссылки

https://github.com/nextcloud/password_policy/pull/363
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr
Third Party Advisory
https://github.com/nextcloud/password_policy/pull/363
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:password_policy:*:*:*:*:*:*:*:*

Версия до 22.2.10 (исключая)

cpe:2.3:a:nextcloud:password_policy:*:*:*:*:*:*:*:*

Версия от 23.0.0 (включая) до 23.0.7 (исключая)

cpe:2.3:a:nextcloud:password_policy:*:*:*:*:*:*:*:*

Версия от 24.0.0 (включая) до 24.0.3 (исключая)

EPSS

Процентиль: 17%

0.00054

Низкий

2.7 Low

CVSS3

Дефекты

CWE-261

CWE-326

Связанные уязвимости

openSUSE-SU-2023:0083-1

suse-cvrf

почти 3 года назад

Security update for nextcloud

EPSS

Процентиль: 17%

0.00054

Низкий

2.7 Low

CVSS3

Дефекты

CWE-261

CWE-326