CVE-2022-41968

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xxc8-hq3v	Third Party Advisory
https://github.com/nextcloud/server/pull/33139	Patch Third Party Advisory
https://hackerone.com/reports/1596148	Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xxc8-hq3v	Third Party Advisory
https://github.com/nextcloud/server/pull/33139	Patch Third Party Advisory
https://hackerone.com/reports/1596148	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

History

21 Nov 2024, 07:24

Type	Values Removed	Values Added
References	~~() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xxc8-hq3v - Third Party Advisory~~	() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xxc8-hq3v - Third Party Advisory
References	~~() https://github.com/nextcloud/server/pull/33139 - Patch, Third Party Advisory~~	() https://github.com/nextcloud/server/pull/33139 - Patch, Third Party Advisory
References	~~() https://hackerone.com/reports/1596148 - Third Party Advisory~~	() https://hackerone.com/reports/1596148 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 3.5

06 Jul 2023, 13:42

Type	Values Removed	Values Added
References	~~(MISC) https://hackerone.com/reports/1596148 -~~	(MISC) https://hackerone.com/reports/1596148 - Third Party Advisory
References	~~(MISC) https://github.com/nextcloud/server/pull/33139 -~~	(MISC) https://github.com/nextcloud/server/pull/33139 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xxc8-hq3v -~~	(MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xxc8-hq3v - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::* cpe:2.3:a:nextcloud:nextcloud_server::::::::
CWE	~~CWE-400~~	CWE-1284

01 Dec 2022, 21:48

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-01 21:15

Updated : 2024-11-21 07:24

NVD link : CVE-2022-41968

Mitre link : CVE-2022-41968

CVE.ORG link : CVE-2022-41968

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-1284

Improper Validation of Specified Quantity in Input

3.5 /10