Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2022-24888: Nextcloud: Multiple Vulnerabilities

Back to Search

Gentoo Linux: CVE-2022-24888: Nextcloud: Multiple Vulnerabilities

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
04/27/2022
Created
08/29/2022
Added
08/11/2022
Modified
08/11/2022

Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.

Solution(s)

  • gentoo-linux-upgrade-www-apps-nextcloud

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;