Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-36074
HistorySep 15, 2022 - 10:15 p.m.

CVE-2022-36074

2022-09-1522:15:11
CWE-200
CWE-863
[email protected]
web.nvd.nist.gov
nextcloud
information exposure
http downgrade
account access
vulnerable version
upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

48.8%

JSON

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Affected configurations

NVD
Node
nextcloudnextcloud_enterprise_serverRange<22.2.11
OR
nextcloudnextcloud_enterprise_serverRange23.0.023.0.7
OR
nextcloudnextcloud_enterprise_serverRange24.0.024.0.3
OR
nextcloudnextcloud_serverRange<23.0.7
OR
nextcloudnextcloud_serverRange24.0.024.0.3

Related

hackerone 1
cve 1
nextcloud 1
openvas 1
cvelist 1
prion 1
osv 1
hackerone
hackerone
Nextcloud: Information exposure in in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)
2022-06-16 21:19:11
cve
cve
CVE-2022-36074
2022-09-15 22:15:11
nextcloud
nextcloud
Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version
2022-09-15 08:30:52
openvas
openvas
Nextcloud Server < 23.0.7, 24.x < 24.0.3 Information Disclosure Vulnerability (GHSA-vqgm-f748-g76v)
2022-09-19 00:00:00
cvelist
cvelist
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server
2022-09-15 22:00:15
prion
prion
Authorization
2022-09-15 22:15:00
osv
osv
CVE-2022-36074
2022-09-15 22:15:11

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

48.8%

JSON
Related for NVD:CVE-2022-36074
hackerone1cve1nextcloud1openvas1cvelist1prion1osv1