admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-311xx/CVE-2022-31118.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

132 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-31118",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-08-04T17:15:08.440",
"lastModified": "2022-08-10T15:31:24.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`."
},
{
"lang": "es",
"value": "El servidor Nextcloud es una soluci\u00f3n de nube personal de c\u00f3digo abierto. En las versiones afectadas un atacante podr\u00eda hacer fuerza bruta para encontrar si est\u00e1 siendo usando el uso compartido federado y potencialmente intentar forzar los tokens de acceso para los recursos compartidos federados (`a-zA-Z0-9\" ^ 15). Es recomendado actualizar el servidor Nextcloud a versiones 22.2.9, 23.0.6 o 24.0.2. Los usuarios que no puedan actualizar pueden deshabilitar la compartici\u00f3n federada por medio de la configuraci\u00f3n de compartici\u00f3n del administrador en \"index.php/settings/admin/sharing\""
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.2.9",
"matchCriteriaId": "596A101A-C02E-4B7A-A281-8B5E680157F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.6",
"matchCriteriaId": "8D211427-568D-4955-AD5E-A5DDD3AAA988"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.2",
"matchCriteriaId": "E86D31A7-ED06-426E-B4BD-3A9F23F49D00"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vwh-5v93-3vcq",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/32843/commits/6eb692da7fe73c899cb6a8d2aa045eddb1f14018",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink