CVE-2022-35931

LOW

Nextcloud <22.2.10, <23.0.7, <24.0.3 - Info Disclosure

Title source: llm

Description

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.

References (2)

[Third Party Advisory] https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr

[Patch, Third Party Advisory] https://github.com/nextcloud/password_policy/pull/363

Scores

CVSS v3 2.7

EPSS 0.0023

EPSS Percentile 45.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-326 CWE-261

Status published

Products (1)

nextcloud/password_policy < 22.2.10

Published Sep 06, 2022

Tracked Since Feb 18, 2026