Home > Vulnerability Database > CVE-2022-41970

Mend.io Vulnerability Database

CVE-2022-41970

Good to know:

Date: December 1, 2022

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.

Language: PHP

Severity Score

5.4

Related Resources (5)

Url: https://hackerone.com/reports/1745766

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41970

Url: https://github.com/nextcloud/server/pull/34788

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c

Url: https://www.mend.io/vulnerability-database/CVE-2022-41970

Severity Score

5.4

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v24.0.7,v25.0.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41970

Good to know:

Date: December 1, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?