Vulnerability Details : CVE-2022-31014
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue.
Products affected by CVE-2022-31014
- cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
- Nextcloud » Nextcloud Server » Enterprise EditionVersions from including (>=) 21.0.0 and before (<) 21.0.9.5cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
- Nextcloud » Nextcloud Server » Enterprise EditionVersions from including (>=) 20.0.0 and before (<) 20.0.14.6cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:24.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:24.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:24.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:24.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:24.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:24.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:24.0.0:beta3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31014
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-31014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST | |
3.5
|
LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
2.1
|
1.4
|
NIST | |
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
2.3
|
2.7
|
GitHub, Inc. |
CWE ids for CVE-2022-31014
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
-
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.Assigned by: security-advisories@github.com (Secondary)
References for CVE-2022-31014
-
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-264h-3v4w-6xh2
SMTP Command Injection in iCalendar Attachments to emails via newlines · Advisory · nextcloud/security-advisories · GitHubExploit;Third Party Advisory
-
https://github.com/nextcloud/server/pull/32428
Add Email validation by miaulalala · Pull Request #32428 · nextcloud/server · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://hackerone.com/reports/1516377
#1516377 SMTP Command Injection in iCalendar Attachments to Emails via NewlinesExploit;Issue Tracking;Patch;Third Party Advisory
Jump to