Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x https://github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a5831be8655 https://portal.nextcloud.com/article/using-the-audit-log-44.html
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2115695] Created nextcloud:nextcloud-18/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115696] Affects: fedora-all [bug 2115702] Created nextcloud:nextcloud-19/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115697] Affects: fedora-all [bug 2115703] Created nextcloud:nextcloud-20/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115698] Affects: fedora-all [bug 2115704] Created nextcloud:nextcloud-21/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115699] Affects: fedora-all [bug 2115705] Created nextcloud:nextcloud-22/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115700] Affects: fedora-all [bug 2115707] Created nextcloud:nextcloud-stable/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2115701] Affects: fedora-all [bug 2115709]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.