CVE-2022-39211

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.

Published: Sep 17, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-39211
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud_server	24.0.0	24.0.4
nextcloud / nextcloud_server	-	23.0.8
nextcloud / nextcloud_enterprise_server	-	22.2.10.4
nextcloud / nextcloud_enterprise_server	23.0.0	23.0.8
nextcloud / nextcloud_enterprise_server	24.0.0	24.0.4

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8
https://github.com/nextcloud/server/pull/32988
https://github.com/nextcloud/server/pull/33031

Vulnerability Database

289,599

CVE-2022-39211