CVE-2022-41969
Nextcloud Server has no password length limit when creating a user as an administrator
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.
Timeline
- 2022-09-30 CVE Reserved
- 2022-12-01 CVE Published
- 2024-06-23 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-521: Weak Password Requirements
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4gm7-j7wg-m4fx | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://github.com/nextcloud/server/pull/34500 | 2022-12-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nextcloud | Nextcloud Server | >= 23.0.0 < 23.0.11 | - | Affected |
Nextcloud | Nextcloud Server | >= 23.0.0 < 23.0.11 | enterprise | Affected |
Nextcloud | Nextcloud Server | >= 24.0.0 < 24.0.7 | - | Affected |
Nextcloud | Nextcloud Server | >= 24.0.0 < 24.0.7 | enterprise | Affected |