Vulnerability Description
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Enterprise Server | < 23.0.9 |
| Nextcloud | Nextcloud Server | < 23.0.9 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rThird Party Advisory
- https://github.com/nextcloud/server/pull/33643PatchThird Party Advisory
- https://hackerone.com/reports/1675014Permissions RequiredThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rThird Party Advisory
- https://github.com/nextcloud/server/pull/33643PatchThird Party Advisory
- https://hackerone.com/reports/1675014Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-39329?
CVE-2022-39329 is a vulnerability with a CVSS score of 3.5 (LOW). Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to ...
How severe is CVE-2022-39329?
CVE-2022-39329 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39329?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Enterprise Server, Nextcloud Nextcloud Server.