CVE-2022-39211
Summary
| CVE | CVE-2022-39211 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-09-16 23:15:00 UTC |
| Updated | 2022-09-21 14:53:00 UTC |
| Description | Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue. |
Risk And Classification
Problem Types: CWE-918 (Server-Side Request Forgery)
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nextcloud | Nextcloud Enterprise Server | All | All | All | All |
| Application | Nextcloud | Nextcloud Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Improve local IP detection by come-nc · Pull Request #33031 · nextcloud/server · GitHub | MISC | github.com | |
| Server-Side Request Forgery (SSRF) via potential filter bypass with too lax local domain checking · Advisory · nextcloud/security-advisories · GitHub | CONFIRM | github.com | |
| Improve local domain detection by come-nc · Pull Request #32988 · nextcloud/server · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |