CVE-2022-39364

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-39364

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39364.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-39364

Aliases

GHSA-qpf5-jj85-36h5

Published

2022-10-27T00:00:00Z

Modified

2026-02-07T04:23:36.625535Z

Severity

4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Exception logging in Sharepoint app reveals clear-text connection details

Details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set zend.exception_ignore_args = On as an option in php.ini.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39364.json",
    "cwe_ids": [
        "CWE-312"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/nextcloud/circles

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/circles
Events: Introduced

bfefc853900df81436cec7d42177785e196f4773

Fixed

1f7cab38c7aa76d1354a0b7057c8d37c50ccd050

Introduced

f7a9e85a57112e98c201ebacf0b71e1bb6ded2a4

Fixed

ed5866a670c98f3ac510d39820785ace9e9cbf1e

Affected versions

v23.*

v23.0.0

v23.0.0rc3

v23.0.1

v23.0.1rc1

v23.0.1rc2

v23.0.1rc3

v23.0.2

v23.0.2rc1

v23.0.3

v23.0.3rc1

v23.0.3rc2

v23.0.4

v23.0.4rc1

v23.0.5

v23.0.5rc1

v23.0.6

v23.0.6rc1

v23.0.7

v23.0.7rc1

v23.0.7rc2

v23.0.8

v23.0.8rc1

v23.0.9rc1

v24.*

v24.0.0

v24.0.0rc2

v24.0.0rc3

v24.0.1

v24.0.1rc1

v24.0.2

v24.0.2rc1

v24.0.3

v24.0.3rc1

v24.0.3rc2

v24.0.4

v24.0.4rc1

v24.0.5rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39364.json"

Git / github.com/nextcloud/server

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

0619207f13792250aea775a2c3133d41ab625980

Fixed

19ac8fd167de17fb20d3b718a9bba6943a973fa5

Database specific

{
    "versions": [
        {
            "introduced": "23.0.0"
        },
        {
            "fixed": "23.0.9"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

5f37aacb3194d51503aaa3529ae8f676b32a25d7

Fixed

e712fab1daf99ad6d1d48f9e851f3a4f90166649

Database specific

{
    "versions": [
        {
            "introduced": "24.0.0"
        },
        {
            "fixed": "24.0.5"
        }
    ]
}

Affected versions

v23.*

v23.0.0

v23.0.1

v23.0.1rc1

v23.0.1rc2

v23.0.1rc3

v23.0.2

v23.0.2rc1

v23.0.3

v23.0.3rc1

v23.0.3rc2

v23.0.4

v23.0.4rc1

v23.0.5

v23.0.5rc1

v23.0.6

v23.0.6rc1

v23.0.7

v23.0.7rc1

v23.0.7rc2

v23.0.8

v23.0.8rc1

v23.0.9rc1

v24.*

v24.0.0

v24.0.1

v24.0.1rc1

v24.0.2

v24.0.2rc1

v24.0.3

v24.0.3rc1

v24.0.3rc2

v24.0.4

v24.0.4rc1

v24.0.5rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39364.json"