← volver
CVE-2022-41970

Nextcloud Server's disabled download shares still allow download through preview images

CVSS 2.6 LOWEPSS 0.6%CWE-284CWE-863
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 2.6EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 dic 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Productos afectados
nextcloud · security-advisories

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772chttps://github.com/nextcloud/server/pull/34788https://hackerone.com/reports/1745766