Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-31118

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in index.php/settings/admin/sharing.

CVE
Open in Source
#php

Impact

An attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15).

Patches

It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2.

Workarounds

As a workaround federated sharing can be disabled in the Admin Sharing settings: index.php/settings/admin/sharing

References

  • HackerOne
  • PullRequest

For more information

If you have any questions or comments about this advisory:

  • Create a post in nextcloud/security-advisories
  • Customers: Open a support ticket at support.nextcloud.com

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE