CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 46.9%
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5, an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`.

Vendor | Product | Version | CPE |
---|---|---|---|
nextcloud | nextcloud_enterprise_server | * | cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:* |
nextcloud | nextcloud_server | * | cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* |