Lucene search
NextcloudGHSA-C7MW-9Q4R-8QWRHistorySep 01, 2022 - 4:50 a.m.
Generated passwords are not fully validated by HIBPValidator
2022-09-0104:50:11
github.com
20
password validation
nextcloud
upgrade
hibpvalidator
security advisory
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
19.4%
Description
Impact
In very rare cases the random password generator may generate common passwords the validator itself would block.
Patches
It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3.
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at support.nextcloud.com
Related
osv
osv
CVE-2022-35931
2022-09-06 18:15:15
prion
prion
Default credentials
2022-09-06 18:15:00
cvelist
cvelist
hackerone
hackerone
Nextcloud: Generated passwords are not fully validated by HIBPValidator
2022-06-20 09:28:43
cve
cve
CVE-2022-35931
2022-09-06 18:15:15
nvd
nvd
CVE-2022-35931
2022-09-06 18:15:15
nessus
nessus
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2023:0083-1)
2023-04-04 00:00:00
openvas
openvas
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0083-1)
2024-03-04 00:00:00
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
19.4%
Related for GHSA-C7MW-9Q4R-8QWR