CVE-2022-39329

{"id": "CVE-2022-39329", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2022-10-27T14:15:11.390", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rcm5-mrg3", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/server/pull/33643", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/1675014", "tags": ["Permissions Required", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available."}, {"lang": "es", "value": "Nextcloud Server es el software de servidor de archivos para Nextcloud, una plataforma de productividad autohospedada. Nextcloud Server y Nextcloud Enterprise Server anteriores a las versiones 23.0.9 y 24.0.5 son vulnerables a la exposici\u00f3n de informaci\u00f3n que los administradores no pueden controlar sin acceso directo a la base de datos. Las versiones 23.0.9 y 24.0.5 contienen parches para este problema. No hay workarounds conocidos disponibles."}], "lastModified": "2023-07-14T18:53:30.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9AFD20D-B0C0-41EF-8691-FAED764B6373", "versionEndExcluding": "23.0.9"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3AFFCA7-2B0A-49B1-B625-4A7F032587B4", "versionEndExcluding": "24.0.5", "versionStartIncluding": "24.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F3A940-4479-48B2-973A-CB9DEAE3F3FE", "versionEndExcluding": "23.0.9"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD8E7E4F-3467-4124-9FBC-26C72C75BC33", "versionEndExcluding": "24.0.5", "versionStartIncluding": "24.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}