Unrated severityNVD Advisory· Published May 20, 2022· Updated Apr 23, 2025
Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
CVE-2022-29163
Description
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch for this issue. There are currently no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: < 22.2.6
Patches
Vulnerability mechanics
References
4- github.com/nextcloud/circles/pull/866mitrex_refsource_MISC
- github.com/nextcloud/circles/pull/926mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-pwjv-h37v-c4fxmitrex_refsource_CONFIRM
- hackerone.com/reports/1406926mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.