CVE-2022-39330

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39330

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39330.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39330

Aliases

GHSA-wxx7-w5p4-7x4c

Published

2022-10-27T00:00:00Z

Modified

2025-12-04T10:36:39.979832Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Database resource exhaustion for logged-in users via sharee recommendations with circles

Details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39330.json",
    "cwe_ids": [
        "CWE-400"
    ]
}

References

Affected packages

Git / github.com/nextcloud/circles

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/circles

Events

Introduced

f7a9e85a57112e98c201ebacf0b71e1bb6ded2a4

Fixed

ed5866a670c98f3ac510d39820785ace9e9cbf1e

Database specific

{
    "versions": [
        {
            "introduced": "23.0.0"
        },
        {
            "fixed": "23.0.9"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/circles

Events

Introduced

bfefc853900df81436cec7d42177785e196f4773

Fixed

1f7cab38c7aa76d1354a0b7057c8d37c50ccd050

Database specific

{
    "versions": [
        {
            "introduced": "24.0.0"
        },
        {
            "fixed": "24.0.5"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/circles

Events

Introduced

Fixed

2cf23f1a330ca69407f6ae5757593da511dc5b80

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "22.2.10"
        }
    ]
}

Affected versions

0.*

0.14.1

22.*

22.0.0

22.0.0-beta.4

22.0.0-rc1

22.1.0

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.13.0

v0.13.1

v0.13.2

v0.13.3

v0.13.4

v0.13.5

v0.13.6

v0.14.0

v0.14.2

v0.15.0

v0.15.1

v0.16.0

v0.16.1

v0.17.0

v0.17.1

v0.17.10

v0.17.2

v0.17.3

v0.17.4

v0.17.5

v0.17.6

v0.17.7

v0.17.8

v0.17.9

v0.18.0

v0.18.1

v0.18.2

v0.18.3

v0.19.0

v0.19.1

v0.19.2

v0.19.3

v0.19.4

v0.19.5

v0.20.0

v0.20.1

v0.20.2

v0.20.4

v0.20.5

v0.20.6

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v22.*

v22.0.0

v22.0.0-alpha.2

v22.0.0-alpha.3

v22.0.0-alpha.4

v22.0.0-alpha.6

v22.0.0-alpha.9

v22.0.0-beta.1

v22.0.0-beta.5

v22.0.0beta3

v22.0.0rc1

v22.0.0rc2

v22.1.0

v22.1.0rc1

v22.1.1

v22.1.1rc1

v22.1.1rc2

v22.2.0

v22.2.0rc2

v22.2.1

v22.2.10rc1

v22.2.10rc2

v22.2.1rc1

v22.2.2

v22.2.3

v22.2.4

v22.2.4rc1

v22.2.4rc2

v22.2.4rc3

v22.2.5

v22.2.5rc1

v22.2.6

v22.2.6rc1

v22.2.6rc2

v22.2.7

v22.2.7rc1

v22.2.8

v22.2.8rc1

v22.2.9

v22.2.9rc1

v23.*

v23.0.0

v23.0.0rc3

v23.0.1

v23.0.1rc1

v23.0.1rc2

v23.0.1rc3

v23.0.2

v23.0.2rc1

v23.0.3

v23.0.3rc1

v23.0.3rc2

v23.0.4

v23.0.4rc1

v23.0.5

v23.0.5rc1

v23.0.6

v23.0.6rc1

v23.0.7

v23.0.7rc1

v23.0.7rc2

v23.0.8

v23.0.8rc1

v23.0.9rc1

v24.*

v24.0.0

v24.0.0rc2

v24.0.0rc3

v24.0.1

v24.0.1rc1

v24.0.2

v24.0.2rc1

v24.0.3

v24.0.3rc1

v24.0.3rc2

v24.0.4

v24.0.4rc1

v24.0.5rc1

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b3b27e3f1605ee0e5bd99d72badf1b0d704032e5

Affected versions

22.*

22.1.0

Other

list

v1.*

v1.0.0beta1

v1.0RC1

v1.1

v11.*

v11.0.0

v11.0RC2

v12.*

v12.0.0beta1

v12.0.0beta2

v12.0.0beta3

v12.0.0beta4

v13.*

v13.0.0RC1

v13.0.0beta1

v13.0.0beta2

v13.0.0beta3

v13.0.0beta4

v14.*

v14.0.0RC1

v14.0.0RC2

v14.0.0beta1

v14.0.0beta2

v14.0.0beta3

v14.0.0beta4

v15.*

v15.0.0RC1

v15.0.0beta1

v15.0.0beta2

v16.*

v16.0.0RC1

v16.0.0alpha1

v16.0.0beta1

v16.0.0beta2

v16.0.0beta3

v17.*

v17.0.0beta1

v17.0.0beta2

v17.0.0beta3

v17.0.0beta4

v18.*

v18.0.0RC1

v18.0.0beta1

v18.0.0beta2

v18.0.0beta3

v18.0.0beta4

v19.*

v19.0.0RC1

v19.0.0RC2

v19.0.0beta1

v19.0.0beta2

v19.0.0beta3

v19.0.0beta4

v19.0.0beta5

v19.0.0beta6

v19.0.0beta7

v2.*

v2.0beta3

v20.*

v20.0.0RC1

v20.0.0beta1

v20.0.0beta2

v20.0.0beta3

v20.0.0beta4

v21.*

v21.0.0beta1

v21.0.0beta2

v21.0.0beta3

v21.0.0beta4

v21.0.0beta5

v21.0.0beta6

v21.0.0beta7

v21.0.0beta8

v22.*

v22.0.0

v22.0.0beta1

v22.0.0beta2

v22.0.0beta3

v22.0.0beta4

v22.0.0beta5

v22.0.0rc1

v22.0.0rc2

v22.1.0

v22.1.0rc1

v22.1.1

v22.1.1rc1

v22.1.1rc2

v22.2.0

v22.2.0rc2

v22.2.1

v22.2.10rc1

v22.2.10rc2

v22.2.1rc1

v22.2.2

v22.2.3

v22.2.4

v22.2.4rc1

v22.2.4rc2

v22.2.4rc3

v22.2.5

v22.2.5rc1

v22.2.6

v22.2.6rc1

v22.2.6rc2

v22.2.7

v22.2.7rc1

v22.2.8

v22.2.8rc1

v22.2.9

v22.2.9rc1

v3.*

v3.0

v3.0RC1

v3.0alpha1

v4.*

v4.0.0

v4.0.0RC

v4.0.0RC2

v4.0.0beta

v4.0.1

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.5.0

v4.5.0RC1

v4.5.0RC2

v4.5.0RC3

v4.5.0beta1

v4.5.0beta2

v4.5.0beta3

v4.5.0beta4

v5.*

v5.0.0

v5.0.0RC1

v5.0.0RC2

v5.0.0RC3

v5.0.0alpha1

v5.0.0beta1

v5.0.0beta2

v6.*

v6.0.0RC1

v6.0.0RC2

v6.0.0alpha2

v6.0.0beta2

v6.0.0beta3

v6.0.0beta4

v6.0.0beta5

v7.*

v7.0.0alpha2

v7.0.0beta1

v8.*

v8.0.0

v8.0.0RC1

v8.0.0RC2

v8.0.0alpha1

v8.0.0alpha2

v8.0.0beta1

v8.0.0beta2

v8.1.0alpha1

v8.1.0alpha2

v8.1.0beta1

v8.1.0beta2

v8.1RC2

v8.2RC1

v8.2beta1

v9.*

v9.0.0beta2

v9.0.1beta2

v9.0beta1

v9.1.0beta1

v9.1.0beta2