CVE-2022-31118
First published: Thu Aug 04 2022(Updated: )
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | <22.2.9 | |
| Nextcloud Nextcloud Server | >=23.0.0<23.0.6 | |
| Nextcloud Nextcloud Server | >=24.0.0<24.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-31118?
CVE-2022-31118 is a vulnerability in the Nextcloud Server that allows an attacker to brute force access tokens for federated shares.
What is the severity of CVE-2022-31118?
CVE-2022-31118 has a severity rating of 5.3, which is considered medium.
How can an attacker exploit CVE-2022-31118?
An attacker can exploit CVE-2022-31118 by brute forcing access tokens for federated shares in the Nextcloud Server.
What versions of Nextcloud Server are affected by CVE-2022-31118?
Nextcloud Server versions up to 22.2.9 are affected, as well as versions between 23.0.0 and 23.0.6, and versions between 24.0.0 and 24.0.2.
How can I fix CVE-2022-31118?
To fix CVE-2022-31118, it is recommended to upgrade to a version of Nextcloud Server that is not affected. References to the specific versions can be found in the provided links.
- collector/nvd-index
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/23.0.0
- version/nextcloud nextcloud server/24.0.0