CVE-2022-39211
low-risk
Published 2022-09-16
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.
Do I need to act?
-
0.23% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.0/10
Low
NETWORK
/ HIGH complexity
Affected Products (2)
Nextcloud Enterprise Server
Affected Vendors
References (6)
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w...
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w...
19
/ 100
low-risk
Severity
11/34 · Low
Exploitability
1/34 · Minimal
Exposure
7/34 · Low