CVE-2022-31118

Date: August 4, 2022

Nextcloud Server is an open source personal cloud solution. In affected versions, an attacker could use brute force to determine whether federated sharing is in use and potentially to guess access tokens for federated shares ("a-zA-Z0-9" ^ 15). It is recommended to upgrade Nextcloud Server to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in "index.php/settings/admin/sharing".

Language: PHP

Severity Score

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Allocation of Resources Without Limits or Throttling

CWE-770

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): LOW
