9.8
CVE-2024-22212
- EPSS 1.15%
- Veröffentlicht 18.01.2024 19:15:10
- Zuletzt bearbeitet 21.11.2024 08:55:48
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginNextcloud global site selector authentication bypass
Global site selector authentication bypass
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.
Mögliche Gegenmaßnahme
Global Site Selector: * No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Global Site Selector Version >= 1.1.0 < 1.4.1
Nextcloud ≫ Global Site Selector Version >= 2.0.0 < 2.1.2
Nextcloud ≫ Global Site Selector Version >= 2.2.0 < 2.3.4
Nextcloud ≫ Global Site Selector Version >= 2.4.0 < 2.4.5
Weitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
Global Site Selector
Version
>= 1.1.0, < 1.4.1
Version
>= 2.0.0, < 1.4.1
Version
>= 2.1.0, < 1.4.1
Version
>= 2.2.0, < 2.1.2
Version
>= 2.3.0, < 2.3.4
Version
>= 2.4.0, < 2.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.15% | 0.782 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.