Lucene search

[email protected]NVD:CVE-2022-31119

HistoryAug 04, 2022 - 6:15 p.m.

CVE-2022-31119

2022-08-0418:15:09

CWE-532

[email protected]

web.nvd.nist.gov

nextcloud mail

email application

user passwords

misconfiguration

logs

security vulnerability

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.4%

JSON

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.

Affected configurations

Nvd

Node

nextcloudmailRange<1.12.1

VendorProductVersionCPE
nextcloudmail*cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nextcloud	mail	*	cpe:2.3:a:nextcloud:mail::::::::

References

github.com/nextcloud/mail/issues/823

github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5

github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.4%

JSON

Related for NVD:CVE-2022-31119

prion1 osv1 cvelist1 cve1 nextcloud1 hackerone1