Vulnerabilities > CVE-2022-31024 - Unspecified vulnerability in Nextcloud Richdocuments
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.
Vulnerable Configurations
References
- https://github.com/nextcloud/richdocuments/pull/2161
- https://github.com/nextcloud/richdocuments/pull/2161
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-94hr-7g4v-f53r
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-94hr-7g4v-f53r
- https://hackerone.com/reports/1210424
- https://hackerone.com/reports/1210424