Vulnerability Description
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Enterprise Server | < 22.2.10 |
| Nextcloud | Nextcloud Server | < 23.0.10 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/circles/pull/1147PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wxx7-wThird Party Advisory
- https://hackerone.com/reports/1688199Permissions RequiredThird Party Advisory
- https://github.com/nextcloud/circles/pull/1147PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wxx7-wThird Party Advisory
- https://hackerone.com/reports/1688199Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-39330?
CVE-2022-39330 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions...
How severe is CVE-2022-39330?
CVE-2022-39330 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39330?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Enterprise Server, Nextcloud Nextcloud Server.