Home > Vulnerability Database > CVE-2022-39364

Mend.io Vulnerability Database

CVE-2022-39364

Date: October 26, 2022

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading "nextcloud.log" may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set "zend.exception_ignore_args = On" as an option in "php.ini".

Language: PHP

Severity Score

4.0

Related Resources (6)

Url: https://github.com/nextcloud/sharepoint/issues/141

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpf5-jj85-36h5

Url: https://hackerone.com/reports/1652903

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39364

Url: https://github.com/nextcloud/server/pull/33689

Url: https://www.mend.io/vulnerability-database/CVE-2022-39364

Severity Score

4.0

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39364

Date: October 26, 2022

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?