CVE-2022-41970
Nextcloud Server's disabled download shares still allow download through preview images
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, shares with downloads disabled still allow download through preview images. Images can be downloaded, and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.
SSVC
- Decision: -
Timeline
- 2022-09-30 CVE Reserved
- 2022-12-01 CVE Published
- 2024-06-23 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-863: Incorrect Authorization
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/nextcloud/server/pull/34788 | 2022-12-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nextcloud | Nextcloud Server | >= 24.0.0 < 24.0.7 | - | Affected |
Nextcloud | Nextcloud Server | >= 24.0.0 < 24.0.7 | enterprise | Affected |
Nextcloud | Nextcloud Server | 25.0.0 | - | Affected |
Nextcloud | Nextcloud Server | 25.0.0 | enterprise | Affected |