CVE-2022-31024

MEDIUM

NextCloud Collabra <6.0.0, <5.0.4, <4.2.6 - Info Disclosure

Title source: llm

Description

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.

References (3)

[Issue Tracking, Patch, Third Party Advisory] https://github.com/nextcloud/richdocuments/pull/2161

[Issue Tracking, Third Party Advisory] https://github.com/nextcloud/security-advisories/security/advisories/GHSA-94hr-7g4v-f53r

[Permissions Required] https://hackerone.com/reports/1210424

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-284 CWE-346

Status published

Affected Products (2)

nextcloud/richdocuments < 4.2.6

nextcloud/richdocuments

Timeline

Published Jun 02, 2022

Tracked Since Feb 18, 2026