CVE-2022-24888
Summary
| CVE | CVE-2022-24888 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-27 15:15:00 UTC |
| Updated | 2023-07-06 13:34:00 UTC |
| Description | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nextcloud | Nextcloud Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Nextcloud: Multiple Vulnerabilities (GLSA 202208-17) — Gentoo security | GENTOO | security.gentoo.org | |
| Check for invalid characters before trimming by nickvergessen · Pull Request #29895 · nextcloud/server · GitHub | MISC | github.com | |
| Control character filtering misses leading and trailing whitespace in file and folder names · Advisory · nextcloud/security-advisories · GitHub | CONFIRM | github.com | |
| HackerOne | MISC | hackerone.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710590 Gentoo Linux Nextcloud Multiple Vulnerabilities (GLSA 202208-17)