Vulnerability Description
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | >= 23.0.0, < 23.0.10 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xThird Party Advisory
- https://github.com/nextcloud/server/pull/33139PatchThird Party Advisory
- https://hackerone.com/reports/1596148Third Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xThird Party Advisory
- https://github.com/nextcloud/server/pull/33139PatchThird Party Advisory
- https://hackerone.com/reports/1596148Third Party Advisory
FAQ
What is CVE-2022-41968?
CVE-2022-41968 is a vulnerability with a CVSS score of 3.5 (LOW). Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send ...
How severe is CVE-2022-41968?
CVE-2022-41968 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41968?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.