GitHub_MCVE-2022-39330CVE-2022-39330
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
39.7%
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nextcloud | nextcloud_enterprise_server | * | cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:* |
| nextcloud | nextcloud_server | * | cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "nextcloud",
"product": "security-advisories",
"versions": [
{
"version": ">= 23.0.0, < 23.0.9",
"status": "affected"
},
{
"version": ">= 24.0.0, < 24.0.5",
"status": "affected"
},
{
"version": "< 22.2.10",
"status": "affected"
}
]
}
]References
Social References
More
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
39.7%