CVE-2022-31024
MEDIUMNextCloud Collabra <6.0.0, <5.0.4, <4.2.6 - Info Disclosure
Title source: llmDescription
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-94hr-7g4v-f53r
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/nextcloud/richdocuments/pull/2161
Permissions Required x_refsource_misc
https://hackerone.com/reports/1210424
Scores
CVSS v3
6.5
EPSS
0.0014
EPSS Percentile
33.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
CWE-346
Status
published
Products (2)
nextcloud/richdocuments
6.0.0 beta1
nextcloud/richdocuments
< 4.2.6
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026