Vulnerabilities > CVE-2022-39329 - Missing Authorization vulnerability in Nextcloud Enterprise Server and Nextcloud Server

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
nextcloud
CWE-862
NVD
Published: 2022-10-27
Updated: 2023-07-14

Summary

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.

Vulnerable Configurations

Part Description Count
Application
Nextcloud
885

Common Weakness Enumeration (CWE)

References