Описание
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set zend.exception_ignore_args = On as an option in php.ini.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 22.2.10.5 (исключая)Версия от 23.0.0 (включая) до 23.0.9 (исключая)Версия от 24.0.0 (включая) до 24.0.5 (исключая)Версия до 23.0.9 (исключая)Версия от 24.0.0 (включая) до 24.0.5 (исключая)
Одно из
cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00074
Низкий
4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-312
CWE-312
Связанные уязвимости
CVSS3: 4
debian
больше 2 лет назад
Nextcloud Server is the file server software for Nextcloud, a self-hos ...
EPSS
Процентиль: 23%
0.00074
Низкий
4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-312
CWE-312