5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an information disclosure vulnerability that stems from the failure of the user state API to take into account the administrator’s user enumeration settings. An attacker could exploit the vulnerability to enumerate users to obtain further information.
CPE | Name | Operator | Version |
---|---|---|---|
Nextcloud Nextcloud Server | lt | 20.0.14 | |
Nextcloud Nextcloud Server | eq | 22.2.0 | |
Nextcloud Nextcloud Server >=21.0.0, | lt | 21.0.6 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N