Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-39334
HistoryNov 25, 2022 - 12:00 a.m.

CVE-2022-39334

2022-11-2500:00:00
ubuntu.com
ubuntu.com
11

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:S/C:N/I:P/A:N

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes
used for automated scripting and headless servers. Versions of nextcloudcmd
prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may
enable a Man-in-the-middle attack that exposes sensitive data or
credentials to a network attacker. This affects the CLI only. It does not
affect the standard GUI desktop Nextcloud clients, and it does not affect
the Nextcloud server.

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:S/C:N/I:P/A:N