QwikSec

Security Database

CVE

CWE

Training

CVE-2022-31024

Published: Jun 2, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.

Vendor	Product	Versions
nextcloud	security-advisories	affected `< 4.2.6` affected `>= 5.0.0, < 5.0.4`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-94hr-7g4v-f53r

x_refsource_CONFIRM

https://github.com/nextcloud/richdocuments/pull/2161

x_refsource_MISC

https://hackerone.com/reports/1210424

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.