CVE-2022-39211

LOW

Nextcloud Enterprise Server < 22.2.10.4 - SSRF

Title source: rule

Description

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.

Exploits (1)

github NO CODE 2 stars

by tomorroisnew · poc

https://github.com/tomorroisnew/CVE/tree/main/CVE-2022-39211

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8

[Patch, Third Party Advisory] https://github.com/nextcloud/server/pull/32988

[Patch, Third Party Advisory] https://github.com/nextcloud/server/pull/33031

Scores

CVSS v3 3.0

EPSS 0.0023

EPSS Percentile 45.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (2)

nextcloud/nextcloud_enterprise_server < 22.2.10.4

nextcloud/nextcloud_server < 23.0.8

Published Sep 16, 2022

Tracked Since Feb 18, 2026