CVSS3
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile: 46.9%
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set zend.exception_ignore_args = On as an option in php.ini.
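To confirm the workaround is actually in effect on a host that cannot be patched yet, the following added example (not part of the advisory or of Nextcloud's code) reads php.ini text and reports the effective value of zend.exception_ignore_args. The function names and the sample file content are constructed for illustration; it assumes PHP's INI rules that `;` starts a comment, the last assignment wins, and the built-in default is Off.

```python
import re

DIRECTIVE = "zend.exception_ignore_args"  # directive names are case sensitive
TRUE_WORDS = {"on", "true", "yes"}        # boolean keywords, case-insensitive

# Constructed sample: the setting is commented out, then Off, then On.
SAMPLE_INI = """\
[PHP]
;zend.exception_ignore_args = On
zend.exception_ignore_args = Off
memory_limit = 512M
zend.exception_ignore_args = On   ; workaround from the advisory
"""


def ini_bool(raw: str) -> bool:
    """Interpret an INI value the way PHP treats a boolean directive."""
    value = raw.strip().strip("\"'").lower()
    if value in TRUE_WORDS:
        return True
    number = re.match(r"[+-]?\d+", value)
    return bool(number) and int(number.group()) != 0


def workaround_enabled(ini_text: str) -> bool:
    """Return True if the last effective assignment of the directive is On."""
    enabled = False  # built-in default when the directive is absent
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == DIRECTIVE:
            enabled = ini_bool(value)  # later assignments override earlier ones
    return enabled


if __name__ == "__main__":
    print("workaround enabled:", workaround_enabled(SAMPLE_INI))
```

Run it against the php.ini loaded by the PHP SAPI that serves Nextcloud, since the CLI and the web server module can load different files.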
[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": " < 22.2.10.5",
        "status": "affected"
      },
      {
        "version": ">= 23.0.0, < 23.0.9",
        "status": "affected"
      },
      {
        "version": ">= 24.0.0, < 24.0.5",
        "status": "affected"
      }
    ]
  }
]