CVE-2022-41969
CVSS V2 None
CVSS V3 None
Description
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.
Overview
- CVE ID
- CVE-2022-41969
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-01T21:15:19.660
- Last Modified Date
- 2022-12-05T19:32:20.867
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* | 1 | OR | 23.0.0 | 23.0.11 |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 1 | OR | 23.0.0 | 23.0.11 |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* | 1 | OR | 24.0.0 | 24.0.7 |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 1 | OR | 24.0.0 | 24.0.7 |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4gm7-j7wg-m4fx | Third Party Advisory |
| https://github.com/nextcloud/server/pull/34500 | Patch Third Party Advisory |
| https://hackerone.com/reports/1727424 | Permissions Required Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-41969 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41969 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-07 18:05:54 | Added to TrackCVE |