CVE-2022-31119: Password disclosure in log file in Nextcloud Mail App
First published: Thu Aug 04 2022(Updated: )
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud mail | <1.12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-31119?
CVE-2022-31119 is a vulnerability in Nextcloud Mail that could potentially leak user passwords if there is a misconfiguration.
What is the severity of CVE-2022-31119?
CVE-2022-31119 has a severity rating of medium, with a severity value of 4.9.
How does CVE-2022-31119 affect Nextcloud Mail?
CVE-2022-31119 affects versions of Nextcloud Mail up to and excluding 1.12.1.
How can an attacker exploit CVE-2022-31119?
If there is a misconfiguration, an attacker could gain access to the log files containing user passwords and obtain complete access to affected accounts.
How can I fix CVE-2022-31119?
To fix CVE-2022-31119, it is recommended to update Nextcloud Mail to a version that includes the fix for the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/remedy
- agent/title
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/nextcloud
- canonical/nextcloud mail