Home > Vulnerability Database > CVE-2022-39329

Mend.io Vulnerability Database

CVE-2022-39329

Date: October 26, 2022

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.

Language: PHP

Severity Score

3.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39329

Url: https://hackerone.com/reports/1675014

Url: https://github.com/nextcloud/server/pull/33643

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rcm5-mrg3

Url: https://www.mend.io/vulnerability-database/CVE-2022-39329

Severity Score

3.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Improper Authorization

CWE-285

Missing Authorization

CWE-862

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39329

Date: October 26, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?