2 matches found
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
CVE-2022-36074
The CVE-2022-36074 entry concerns Nextcloud Server where information disclosure occurs because the server fails to strip the Authorization header during HTTP downgrades. Affected products/versions include Nextcloud Server prior to 23.0.7 and 24.0.3 (enterprise versions 22.2.11, 23.0.7, or 24.0.3)...