| Vulnerability Name: | CVE-2022-39211 (CCN-236523) |
| Assigned: | 2022-09-16 |
| Published: | 2022-09-16 |
| Updated: | 2022-09-21 |
| Summary: | Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue. |
| CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N); 4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C); 2.6 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 2.1 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N) |
| Vulnerability Type: | CWE-918 |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE Type: CNA CVE-2022-39211; Source: XF Type: UNKNOWN nextcloud-cve202239211-ssrf(236523); Source: CCN Type: Nextcloud GIT Repository Server-Side Request Forgery (SSRF) via potential filter bypass with too lax local domain checking; Source: CONFIRM Type: Third Party Advisory https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8; Source: MISC Type: Patch, Third Party Advisory https://github.com/nextcloud/server/pull/32988; Source: MISC Type: Patch, Third Party Advisory https://github.com/nextcloud/server/pull/33031; Source: CCN Type: Mend Vulnerability Database CVE-2022-39211 |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |