Home > Vulnerability Database > CVE-2024-22212

Mend.io Vulnerability Database

CVE-2024-22212

Good to know:

Date: January 18, 2024

Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.

Language: PHP

Severity Score

9.6

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77

Url: https://hackerone.com/reports/2248689

Url: https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22212

Url: https://www.mend.io/vulnerability-database/CVE-2024-22212

Severity Score

9.6

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

Top Fix

Upgrade Version

Upgrade to version v1.4.1,v2.1.2,v2.3.4,v3.4.5

Learn More

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22212

Good to know:

Date: January 18, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?