CVE-2022-24888
Possible Injection in Nextcloud Server
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.
Timeline
- 2022-02-10 CVE Reserved
- 2022-04-27 CVE Published
- 2023-11-18 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
References (3)
URL | Tag | Date |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w3h6-p64h-q9jp | Third Party Advisory | |
https://github.com/nextcloud/server/pull/29895 | | 2023-07-06 |
https://security.gentoo.org/glsa/202208-17 | | 2023-07-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nextcloud | Nextcloud Server | < 20.0.14.4 | - | Affected |
Nextcloud | Nextcloud Server | >= 21.0.0 < 21.0.8 | - | Affected |
Nextcloud | Nextcloud Server | >= 22.0.0 < 22.2.4 | - | Affected |
Nextcloud | Nextcloud Server | >= 23.0.0 < 23.0.1 | - | Affected |