CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch for this issue. There are currently no known workarounds.
References
Link Resource
https://hackerone.com/reports/1406926 Permissions Required
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwjv-h37v-c4fx Issue Tracking Third Party Advisory
https://github.com/nextcloud/circles/pull/926 Issue Tracking Patch Third Party Advisory
https://github.com/nextcloud/circles/pull/866 Issue Tracking Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Information

Published : 2022-05-20 09:15

Updated : 2022-06-02 07:44


NVD link : CVE-2022-29163

Mitre link : CVE-2022-29163


JSON object : View

CWE
CWE-671

Lack of Administrator Control over Security

Advertisement

dedicated server usa

Products Affected

nextcloud

  • nextcloud_server