What is CVE-2022-31120?

CVE-2022-31120 is a low-severity vulnerability in Nextcloud Security-advisories, classified under CWE-778. CVSS score: 2.1/10. Published 2022-08-04.

How severe is CVE-2022-31120?

Low severity. CVSS v3 base score is 2.1 out of 10.

Vulnerability in Nextcloud Security-advisories

CVE-2022-31120

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would al…

EPSS: 0.004 (60.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.1 (Low). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N.

Affected products

Nextcloud Security-advisories — versions >= 23.0.0, < 23.0.4, < 22.2.7

Weakness classification (CWE)

CWE-778

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x (x_refsource_CONFIRM)
github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a58… (x_refsource_MISC)
portal.nextcloud.com/article/using-the-audit-log-44.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31120?: CVE-2022-31120 is a low-severity vulnerability in Nextcloud Security-advisories, classified under CWE-778. CVSS score: 2.1/10. Published 2022-08-04.
How severe is CVE-2022-31120?: Low severity. CVSS v3 base score is 2.1 out of 10.