Home > Vulnerability Database > CVE-2022-31118

Mend.io Vulnerability Database

CVE-2022-31118

Date: August 4, 2022

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares ("a-zA-Z0-9" ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in "index.php/settings/admin/sharing".

Language: PHP

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31118

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vwh-5v93-3vcq

Url: https://github.com/nextcloud/server/pull/32843/commits/6eb692da7fe73c899cb6a8d2aa045eddb1f14018

Url: https://www.mend.io/vulnerability-database/CVE-2022-31118

Severity Score

6.5

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Allocation of Resources Without Limits or Throttling

CWE-770

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31118

Date: August 4, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?