{ "id": "CVE-2022-29243", "sourceIdentifier": "security-advisories@github.com", "published": "2022-05-31T17:15:07.753", "lastModified": "2022-09-27T14:13:27.800", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available." }, { "lang": "es", "value": "Nextcloud Server es el software de servidor de archivos de Nextcloud, una plataforma de productividad auto alojada. En versiones anteriores a 22.2.7 y 23.0.4, una falta de comprobaci\u00f3n del tama\u00f1o de la entrada de los nuevos nombres de sesi\u00f3n permite a usuarios crear contrase\u00f1as de aplicaciones con nombres largos. Estos nombres largos son cargados en la memoria durante el uso, resultando en un impacto en el rendimiento. Las versiones 22.2.7 y 23.0.4 contienen una correci\u00f3n para este problema. Actualmente no se presentan mitigaciones conocidas disponibles" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 1.4 }, { "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "security-advisories@github.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-400" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.2.7", "matchCriteriaId": "1569E72C-B9ED-4CED-ADBC-77DD1C02E1A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "versionStartExcluding": "23.0.0", "versionEndExcluding": "23.0.4", "matchCriteriaId": "C7469702-2C54-4F44-A760-03601C53FBD4" } ] } ] } ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7cwm-qph5-4h5w", "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/nextcloud/server/pull/31658", "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://hackerone.com/reports/1153138", "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/202208-17", "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ] } ] }