CVE-2022-29163
Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch for this issue. There are currently no known workarounds.
Timeline
- 2022-04-13 CVE Reserved
- 2022-05-20 CVE Published
- 2023-12-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-671: Lack of Administrator Control over Security
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwjv-h37v-c4fx | Issue Tracking | |

URL | Date | SRC |
---|---|---|
https://github.com/nextcloud/circles/pull/866 | 2022-06-02 | |
https://github.com/nextcloud/circles/pull/926 | 2022-06-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nextcloud | Nextcloud Server | < 22.2.6 | - | Affected |
Nextcloud | Nextcloud Server | >= 23.0.0 < 23.0.3 | - | Affected |