CVE-2022-41970
LOW 2.6
Description
Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.
CVE details
CVSS v3.1 score: 2.6
Severity: LOW
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: LOW
User interaction: REQUIRED
Published: 12/1/2022
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
nextcloud:nextcloud_server
Weaknesses (CWE)
CWE-284, CWE-863
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c (security-advisories@github.com)
https://github.com/nextcloud/server/pull/34788 (security-advisories@github.com)
https://hackerone.com/reports/1745766 (security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/pull/34788 (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1745766 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.