CVE-2024-22212

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 18, 2024
Updated: Jan 26, 2024
CWE ID 306

Summary

CVE-2024-22212 is a critical vulnerability that affects Nextcloud Global Site Selector, a tool used to run multiple small Nextcloud instances and redirect users to the correct server. The vulnerability allows an attacker to authenticate as another user due to a problem in the password verification method. To remediate this issue, it is recommended to upgrade Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. This vulnerability poses a high danger to organizations as it can lead to unauthorized access and compromise the confidentiality and integrity of sensitive data.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-22212 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options