Vulnerability DatabaseCVE-2022-31120
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-31120
August 04, 2022
Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.
Related ResourcesĀ (5)
https://nvd.nist.gov/vuln/detail/CVE-2022-31120
https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31120.json
https://portal.nextcloud.com/article/using-the-audit-log-44.html
https://github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a5831be8655
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.4
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
2.1
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Insufficient Logging
CWE-778
EPSS
Base Score:
0.41