Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8 | Third Party Advisory |
https://github.com/nextcloud/server/pull/32988 | Patch Third Party Advisory |
https://github.com/nextcloud/server/pull/33031 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Sep 2022, 14:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Nextcloud nextcloud Enterprise Server
Nextcloud nextcloud Server Nextcloud |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/nextcloud/server/pull/33031 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/nextcloud/server/pull/32988 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8 - Third Party Advisory |
17 Sep 2022, 01:55
Type | Values Removed | Values Added |
---|---|---|
Summary | Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue. |
16 Sep 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-16 23:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-39211
Mitre link : CVE-2022-39211
CVE.ORG link : CVE-2022-39211
JSON object : View
Products Affected
nextcloud
- nextcloud_server
- nextcloud_enterprise_server
CWE
CWE-918
Server-Side Request Forgery (SSRF)