{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T06:59:12.204","vulnerabilities":[{"cve":{"id":"CVE-2022-29243","sourceIdentifier":"security-advisories@github.com","published":"2022-05-31T17:15:07.753","lastModified":"2024-11-21T06:58:47.517","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available."},{"lang":"es","value":"Nextcloud Server es el software de servidor de archivos de Nextcloud, una plataforma de productividad auto alojada. En versiones anteriores a 22.2.7 y 23.0.4, una falta de comprobación del tamaño de la entrada de los nuevos nombres de sesión permite a usuarios crear contraseñas de aplicaciones con nombres largos. Estos nombres largos son cargados en la memoria durante el uso, resultando en un impacto en el rendimiento. Las versiones 22.2.7 y 23.0.4 contienen una correción para este problema. Actualmente no se presentan mitigaciones conocidas disponibles"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionEndExcluding":"22.2.7","matchCriteriaId":"1569E72C-B9ED-4CED-ADBC-77DD1C02E1A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionStartExcluding":"23.0.0","versionEndExcluding":"23.0.4","matchCriteriaId":"C7469702-2C54-4F44-A760-03601C53FBD4"}]}]}],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7cwm-qph5-4h5w","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/server/pull/31658","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1153138","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-17","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7cwm-qph5-4h5w","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/server/pull/31658","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1153138","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}