Nextcloud Enterprise Server Nextcloud Enterprise Server

Do you want an email whenever new security vulnerabilities are reported in Nextcloud Enterprise Server?

By the Year

In 2023 there have been 0 vulnerabilities in Nextcloud Enterprise Server . Last year Nextcloud Enterprise Server had 6 security vulnerabilities published. Right now, Nextcloud Enterprise Server is on track to have less security vulnerabilities in 2023 than it did last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 6 5.90
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Nextcloud Enterprise Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Nextcloud Enterprise Server Security Vulnerabilities

Nextcloud server is an open source personal cloud server

CVE-2022-39346 6.5 - Medium - November 25, 2022

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Improper Input Validation

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform

CVE-2022-39364 6.5 - Medium - October 27, 2022

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`.

Cleartext Storage of Sensitive Information

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform

CVE-2022-39329 5.3 - Medium - October 27, 2022

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.

AuthZ

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform

CVE-2022-39330 4.3 - Medium - October 27, 2022

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.

Resource Exhaustion

Nextcloud server is an open source personal cloud platform

CVE-2022-39211 5.3 - Medium - September 16, 2022

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.

XSPA

Nextcloud server is an open source personal cloud product

CVE-2022-36074 7.5 - High - September 15, 2022

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Nextcloud Server or by Nextcloud? Click the Watch button to subscribe.

Nextcloud
Vendor

subscribe