Unrated severityNVD Advisory· Published Aug 4, 2022· Updated Apr 23, 2025
Missing brute force protection on cloud federation sharing in Nextcloud Server
CVE-2022-31118
Description
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in index.php/settings/admin/sharing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: before 22.2.9, 23.0.6, 24.0.2
- nextcloud/security-advisoriesv5Range: < 22.2.9
Patches
Vulnerability mechanics
References
2- github.com/nextcloud/security-advisories/security/advisories/GHSA-2vwh-5v93-3vcqmitrex_refsource_CONFIRM
- github.com/nextcloud/server/pull/32843/commits/6eb692da7fe73c899cb6a8d2aa045eddb1f14018mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.