Home > Vulnerability Database > CVE-2022-39211

Mend.io Vulnerability Database

CVE-2022-39211

Good to know:

Date: September 16, 2022

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.

Language: PHP

Severity Score

3.0

Related Resources (5)

Url: https://github.com/nextcloud/server/pull/33031

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39211

Url: https://github.com/nextcloud/server/pull/32988

Url: https://www.mend.io/vulnerability-database/CVE-2022-39211

Severity Score

3.0

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version v23.0.8,v24.0.4

Learn More

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39211

Good to know:

Date: September 16, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?