← back
CVE-2022-39329

Profile of disabled user stays accessible

CVSS 3.5 LOWEPSS 0.6%CWE-284CWE-285
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected products
nextcloud · security-advisories

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f3p-rcm5-mrg3https://github.com/nextcloud/server/pull/33643https://hackerone.com/reports/1675014