Detections
Analytics

CVE-2022-39211

medium

Description

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.

References

https://github.com/nextcloud/server/pull/33031

https://github.com/nextcloud/server/pull/32988

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8

Details

Source: Mitre, NVD

Published: 2022-09-16

Updated: 2022-09-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00083