CVE-2022-36074 : Nextcloud server is an open source personal cloud product. Affected versions of

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Published 2022-09-15 22:15:11

Updated 2023-07-21 21:01:22

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2022-36074

Nextcloud » Nextcloud Server
Versions before (<) 23.0.7
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
Matching versions
Nextcloud » Nextcloud Server
Versions from including (>=) 24.0.0 and before (<) 24.0.3
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
Matching versions
Nextcloud » Nextcloud Enterprise Server
Versions before (<) 22.2.11
cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
Matching versions
Nextcloud » Nextcloud Enterprise Server
Versions from including (>=) 23.0.0 and before (<) 23.0.7
cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
Matching versions
Nextcloud » Nextcloud Enterprise Server
Versions from including (>=) 24.0.0 and before (<) 24.0.3
cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-36074

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 44 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-36074

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.4	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N	1.2	5.2	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2022-36074

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: security-advisories@github.com (Secondary)
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: nvd@nist.gov (Primary)
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-36074

https://github.com/nextcloud/server/pull/32941

Bump guzzlehttp/guzzle from 7.4.0 to 7.4.4 by CarlSchwan · Pull Request #32941 · nextcloud/server · GitHub
Patch;Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vqgm-f748-g76v

Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version · Advisory · nextcloud/security-advisories · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-36074

Products affected by CVE-2022-36074

Exploit prediction scoring system (EPSS) score for CVE-2022-36074

CVSS scores for CVE-2022-36074

CWE ids for CVE-2022-36074

References for CVE-2022-36074