CVE-2022-31119

Published: Aug 4, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

3.1

LOW

Description

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.

Vendor	Product	Versions
nextcloud	security-advisories	affected `< 1.12.1`

Weaknesses (CWE)

CWE-532

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg

x_refsource_CONFIRM

https://github.com/nextcloud/mail/issues/823

x_refsource_MISC

https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-31119

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References