Home > Vulnerability Database > CVE-2022-41970

Mend.io Vulnerability Database

CVE-2022-41970

Date: December 1, 2022

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.

Language: PHP

Severity Score

2.6

Related Resources (5)

Url: https://hackerone.com/reports/1745766

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41970

Url: https://github.com/nextcloud/server/pull/34788

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c

Url: https://www.mend.io/vulnerability-database/CVE-2022-41970

Severity Score

2.6

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41970

Date: December 1, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?