Vulnerability Description
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Global Site Selector | >= 1.1.0, < 1.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce410Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-fPatchVendor Advisory
- https://hackerone.com/reports/2248689Issue TrackingThird Party Advisory
- https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce410Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-fPatchVendor Advisory
- https://hackerone.com/reports/2248689Issue TrackingThird Party Advisory
FAQ
What is CVE-2024-22212?
CVE-2024-22212 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an atta...
How severe is CVE-2024-22212?
CVE-2024-22212 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-22212?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Global Site Selector.