Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39330.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-400"
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "22.2.10"
},
{
"introduced": "23.0.0"
},
{
"fixed": "23.0.10"
},
{
"introduced": "24.0.0"
},
{
"fixed": "24.0.6"
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "23.0.10"
},
{
"introduced": "24.0.0"
},
{
"fixed": "24.0.6"
}
]
}