← Retour aux CVEs

CVE-2022-35931

LOW

2.7

Description

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.

Details CVE

Score CVSS v3.12.7

SeveriteLOW

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisHIGH

Interaction utilisateurNONE

Publie9/6/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

nextcloud:password_policy

Faiblesses (CWE)

CWE-261CWE-326

References

https://github.com/nextcloud/password_policy/pull/363(security-advisories@github.com)

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr(security-advisories@github.com)

https://github.com/nextcloud/password_policy/pull/363(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.