QwikSec

Security Database

CVE

CWE

Training

CVE-2022-39346

Published: Nov 25, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

3.5

LOW

Description

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Vendor	Product	Versions
nextcloud	security-advisories	affected `< 22.2.10` affected `>= 23.0.0, < 23.0.7` affected `>= 24.0.0, < 24.0.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6

https://github.com/nextcloud/server/pull/33052

https://hackerone.com/reports/1588562

FEDORA-2022-902df3b060

vendor-advisory

FEDORA-2022-49b20342c0

vendor-advisory

FEDORA-2022-98c1d712b5

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.