CVE-2022-39211

LOW

Nextcloud Server < 23.0.8 and Nextcloud Enterprise Server < 22.2.10.4 - Server-Side Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-39211. PoCs published by tomorroisnew.

Description

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.

Exploits (1)

github NO CODE 2 stars

by tomorroisnew · poc

https://github.com/tomorroisnew/CVE/tree/main/CVE-2022-39211

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory x_refsource_confirm

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8

Patch, Third Party Advisory x_refsource_misc

https://github.com/nextcloud/server/pull/32988

Patch, Third Party Advisory x_refsource_misc

https://github.com/nextcloud/server/pull/33031

Scores

CVSS v3 3.0

EPSS 0.0071

EPSS Percentile 48.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (2)

nextcloud/nextcloud_enterprise_server < 22.2.10.4

nextcloud/nextcloud_server < 23.0.8

Published Sep 16, 2022

Tracked Since Feb 18, 2026