Unrated severity · NVD Advisory · Published Jun 2, 2022 · Updated Apr 23, 2025
Federated editing allows iframing remote servers by default in richdocuments
CVE-2022-31024
Description
richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user who was sent a federated share could be tricked into working against a remote Office. richdocuments versions 6.0.0, 5.0.4, and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.
Affected products
- Range: < 4.2.6, < 5.0.4, < 6.0.0
- nextcloud/security-advisories v5 Range: < 4.2.6
References
- github.com/nextcloud/richdocuments/pull/2161 (mitre, x_refsource_MISC)
- github.com/nextcloud/security-advisories/security/advisories/GHSA-94hr-7g4v-f53r (mitre, x_refsource_CONFIRM)
- hackerone.com/reports/1210424 (mitre, x_refsource_MISC)