CVE-2022-41970
low-risk
Published 2022-12-01
Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, shares with downloads disabled still allow download through preview images. Images can be downloaded, and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.
Do I need to act?
0.15% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 2.6/10 · Low · NETWORK / HIGH complexity
Affected Products (4)
Affected Vendors
References (6)
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-c...
Permissions Required
https://hackerone.com/reports/1745766
21 / 100 · low-risk
Severity: 10/34 · Low
Exploitability: 1/34 · Minimal
Exposure: 10/34 · Low