CVE-2022-31024

Source
https://cve.org/CVERecord?id=CVE-2022-31024
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31024.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-31024
Aliases
  • GHSA-94hr-7g4v-f53r
Published
2022-06-02T18:25:11Z
Modified
2025-11-28T03:52:53.851789Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Federated editing allows iframing remote servers by default in richdocuments
Details

richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.

Database specific
{
    "cwe_ids": [
        "CWE-284",
        "CWE-346"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31024.json"
}

Affected packages

Git / github.com/nextcloud/richdocuments

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/richdocuments
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.2.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/richdocuments
Events
Database specific
{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.4"
        }
    ]
}

Affected versions

1.*

1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.12.27
1.12.28
1.12.29
1.12.30
1.12.31
1.12.32
1.12.33
1.12.34
1.12.35
1.12.36
1.12.37
1.12.38
1.12.39
1.12.40

2.*

2.0.0
2.0.1
2.0.10
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9

3.*

3.4.0-beta1

v3.*

v3.0.0-beta1
v3.0.0-beta2
v3.0.0-beta3
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.3.0
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.15
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.0-beta1
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.7.0
v3.7.0-beta1
v3.7.0-beta2
v3.7.0-beta3
v3.7.1
v3.7.10
v3.7.11
v3.7.12
v3.7.13
v3.7.14
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v3.7.8
v3.7.9

v4.*

v4.0.0
v4.0.0-beta1
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.1.1
v4.1.2
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5

v5.*

v5.0.0
v5.0.1
v5.0.2
v5.0.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31024.json"