6.5
CVE-2022-31024
- EPSS 0.14%
- Veröffentlicht 02.06.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 07:03:44
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginFederated editing allows iframing remote servers by default in richdocuments
Federated editing allows iframing remote servers by default
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.
Mögliche Gegenmaßnahme
richdocuments: No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Richdocuments Version < 4.2.6
Nextcloud ≫ Richdocuments Version >= 5.0.0 < 5.0.4
Nextcloud ≫ Richdocuments Version6.0.0 Updatebeta1
Weitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
richdocuments
Version
>= 0.0.0, < 4.2.6
Version
>= 5.0.0, < 5.0.4
Version
>= 6.0.0, < 6.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.335 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| security-advisories@github.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.