CVE Vulnerability

CVE-2022-35931

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available.

2.7 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7mw-9q4r-8qwr Third Party Advisory
https://github.com/nextcloud/password_policy/pull/363 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:nextcloud:password_policy:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:password_policy:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:password_policy:*:*:*:*:*:*:*:*
Information

Published : 2022-09-06 06:15

Updated : 2022-09-09 02:34

NVD link : CVE-2022-35931

Mitre link : CVE-2022-35931

Products Affected
No products.
CWE
CWE-326

Inadequate Encryption Strength