CVE-2022-39329

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.

Published: Oct 27, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-39329
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-863
CWE-862

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud_server	24.0.0	24.0.5
nextcloud / nextcloud_enterprise_server	24.0.0	24.0.5
nextcloud / nextcloud_server	-	23.0.9
nextcloud / nextcloud_enterprise_server	-	23.0.9

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rcm5-mrg3
https://github.com/nextcloud/server/pull/33643
https://hackerone.com/reports/1675014

Vulnerability Database

289,599

CVE-2022-39329