CVE-2022-41970: Nextcloud Server's disabled download shares still allow download through preview images
First published: Thu Dec 01 2022(Updated: )
Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | >=24.0.0<24.0.7 | |
| Nextcloud Nextcloud Server | >=24.0.0<24.0.7 | |
| Nextcloud Nextcloud Server | =25.0.0 | |
| Nextcloud Nextcloud Server | =25.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-41970?
CVE-2022-41970 is a vulnerability in Nextcloud Server versions prior to 24.0.7 and 25.0.1 that allows download of disabled download shares through preview images.
How severe is CVE-2022-41970?
CVE-2022-41970 has a severity rating of 5.3 (medium).
How can I fix CVE-2022-41970?
To fix CVE-2022-41970, upgrade Nextcloud Server to versions 24.0.7 or 25.0.1.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/title
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/24.0.0
- version/nextcloud nextcloud server/25.0.0