CVE-2022-31024

Summary

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 4.2.6affected
nextcloudsecurity-advisories>= 5.0.0, < 5.0.4affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control
  • CWE-346: CWE-346: Origin Validation Error

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References