Main Vulnerability Database Vulnerabilities #VU66128

Information disclosure in Nextcloud Server - CVE-2022-31118

Published: August 5, 2022

Vulnerability identifier: #VU66128

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-31118

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Nextcloud Server

Software vendor:
Nextcloud

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing brute force protection on cloud federation sharing. A remote attacker can perform a brute force attack to find if federated sharing is being used and potentially try to brute force access tokens for federated shares.

Remediation

Install updates from vendor's website.

External links

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vwh-5v93-3vcq
https://github.com/nextcloud/server/pull/32843/commits/6eb692da7fe73c899cb6a8d2aa045eddb1f14018

Information disclosure in Nextcloud Server - CVE-2022-31118

Description

Remediation

External links

Please verify you're human