Unrated severityNVD Advisory· Published Oct 27, 2022· Updated Apr 23, 2025
Database resource exhaustion for logged-in users via sharee recommendations with circles
CVE-2022-39330
Description
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <23.0.10, <24.0.6
- nextcloud/security-advisoriesv5Range: >= 23.0.0, < 23.0.9
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.