{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-39364","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","dateUpdated":"2025-04-22T17:17:00.586Z","dateReserved":"2022-09-02T00:00:00.000Z","datePublished":"2022-10-27T00:00:00.000Z"},"containers":{"cna":{"title":"Exception logging in Sharepoint app reveals clear-text connection details","providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2022-10-27T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`."}],"affected":[{"vendor":"nextcloud","product":"security-advisories","versions":[{"version":" < 22.2.10.5","status":"affected"},{"version":">= 23.0.0, < 23.0.9","status":"affected"},{"version":">= 24.0.0, < 24.0.5","status":"affected"}]}],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpf5-jj85-36h5"},{"url":"https://github.com/nextcloud/sharepoint/issues/141"},{"url":"https://github.com/nextcloud/server/pull/33689"},{"url":"https://hackerone.com/reports/1652903"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-312: Cleartext Storage of Sensitive Information","cweId":"CWE-312"}]}],"source":{"advisory":"GHSA-qpf5-jj85-36h5","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:00:44.215Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpf5-jj85-36h5","tags":["x_transferred"]},{"url":"https://github.com/nextcloud/sharepoint/issues/141","tags":["x_transferred"]},{"url":"https://github.com/nextcloud/server/pull/33689","tags":["x_transferred"]},{"url":"https://hackerone.com/reports/1652903","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-22T15:43:16.316445Z","id":"CVE-2022-39364","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-22T17:17:00.586Z"}}]}}