Lucene search

China National Vulnerability DatabaseCNVD-2022-18420

HistorySep 09, 2021 - 12:00 a.m.

Nextcloud Code Execution Vulnerability

2021-09-0900:00:00

China National Vulnerability Database

www.cnvd.org.cn

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany’s Nextcloud. Nextcloud is vulnerable to a code execution vulnerability that stems from Nextcloud’s support for rendering image previews of file content provided to users, which could be exploited to execute arbitrary code via a flawed third-party library.

CPENameOperatorVersion
nextcloud nextcloudlt20.0.12
nextcloud nextcloudlt21.0.4
nextcloud nextcloudlt22.1.0

Name	Operator	Version
nextcloud nextcloud	lt	20.0.12
nextcloud nextcloud	lt	21.0.4
nextcloud nextcloud	lt	22.1.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for CNVD-2022-18420