CVE-2022-39330

2022-10-2714:15:12

CWE-400

[email protected]

web.nvd.nist.gov

nextcloud

server

vulnerability

workload

impact

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

39.7%

JSON

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.

Affected configurations

Nvd

Node

nextcloudnextcloud_enterprise_serverRange<22.2.10

nextcloudnextcloud_enterprise_serverRange23.0.0–23.0.10

nextcloudnextcloud_enterprise_serverRange24.0.0–24.0.6

nextcloudnextcloud_serverRange<23.0.10

nextcloudnextcloud_serverRange24.0.0–24.0.6

VendorProductVersionCPE
nextcloudnextcloud_enterprise_server*cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
nextcloudnextcloud_server*cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nextcloud	nextcloud_enterprise_server	*	cpe:2.3:a:nextcloud:nextcloud_enterprise_server::::::::
nextcloud	nextcloud_server	*	cpe:2.3:a:nextcloud:nextcloud_server::::::::