Vulnerability Description
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Password Policy | < 22.2.10 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/password_policy/pull/363PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9Third Party Advisory
- https://github.com/nextcloud/password_policy/pull/363PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9Third Party Advisory
FAQ
What is CVE-2022-35931?
CVE-2022-35931 is a vulnerability with a CVSS score of 2.7 (LOW). Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in ver...
How severe is CVE-2022-35931?
CVE-2022-35931 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35931?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Password Policy.