QID 730688

Date Published: 2023-01-16

QID 730688: Nextcloud Server Information Exposure Vulnerability

Nextcloud is a suite of client-server software for creating and using file hosting services. The open architecture allows adding functionality to the server in the form of applications and enables users to have full control of their data.

Affected Versions:
Nextcloud Server prior to version 23.0.7

Nextcloud Server prior to version 24.0.3

QID Detection Logic(Unauthenticated):
It checks for vulnerable versions of Nextcloud Server.

The vulnerability can lead to account access exposure and compromise.

CVSS V3 rated as High - 7.5 severity.

CVSS V2 rated as High - 7.8 severity.

Solution

The vendor has released patch to address this issue. For more information please visit Patch Information.

Vendor References

GHSA-vqgm-f748-g76v - github.com/nextcloud/security-advisories/security/advisories/GHSA-vqgm-f748-g76v

CVEs related to QID 730688

CVE-2022-36074 |

Software Advisories

Advisory ID	Software	Component	Link
GHSA-vqgm-f748-g76v			github.com/nextcloud/security-advisories/security/advisories/GHSA-vqgm-f748-g76v

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].