Platform
nextcloud
Component
globalsiteselector
Fixed in
1.1.1
2.0.1
2.2.1
2.4.1
CVE-2024-22212 describes an authentication bypass vulnerability within the Nextcloud Global Site Selector. This flaw allows an attacker to authenticate as another user, potentially gaining unauthorized access to sensitive data and system resources. The vulnerability impacts Nextcloud Global Site Selector versions 1.1.0 through 2.4.4. A fix is available in versions 1.4.1, 2.1.2, 2.3.4, and 2.4.5.
Successful exploitation of CVE-2024-22212 grants an attacker the ability to impersonate any user within the Nextcloud environment managed by the Global Site Selector. This can lead to unauthorized data access, modification, or deletion. The attacker could potentially gain administrative privileges, allowing them to compromise the entire Nextcloud instance. The scope of impact depends on the permissions granted to the impersonated user: impersonating a user with limited access yields only that limited access, while impersonating an administrator account provides full control. This vulnerability is particularly concerning given Nextcloud's widespread use for file sharing and collaboration, often involving sensitive business or personal data.
CVE-2024-22212 was publicly disclosed on January 18, 2024. Currently, there are no reports of active exploitation in the wild, but the vulnerability's critical severity and ease of exploitation suggest it is a high-priority target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge, increasing the risk of exploitation.
Organizations using Nextcloud with the Global Site Selector enabled are at risk. This includes businesses relying on Nextcloud for file sharing, collaboration, and document management. Environments with multiple Nextcloud instances managed by the Global Site Selector are particularly exposed, as an attacker who gains access to one instance can potentially pivot to the others.
• php: Examine Nextcloud logs for unusual authentication patterns or failed login attempts followed by successful access.
  grep "authentication failed" /path/to/nextcloud/data/nextcloud.log
• generic web: Monitor access logs for requests targeting the Global Site Selector endpoint with unusual parameters.
  grep "/global_site_selector/" /var/log/apache2/access.log
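The first detection item above describes a sequence, failed logins followed by a successful access from the same source, that a single grep cannot express. The following Python script is an added example and is not part of the original page or of Nextcloud's own tooling: it parses constructed Nextcloud-style JSON log lines (the field names follow the layout of nextcloud.log; every value is made up) and flags a source address whose failed-login messages are followed within a time window by an authenticated request. The message patterns, the window and the failure threshold are assumptions to tune for your own deployment.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real Nextcloud output). Field names mirror the
# JSON-per-line layout of nextcloud.log; "--" is the value Nextcloud uses for an
# unauthenticated request. One deliberately malformed line is included.
SAMPLE_LOG = "\n".join([
    json.dumps({"time": "2024-01-19T10:00:01+00:00", "remoteAddr": "203.0.113.7",
                "user": "--", "app": "core", "url": "/index.php/login",
                "message": "authentication failed for user 'alice'"}),
    json.dumps({"time": "2024-01-19T10:00:09+00:00", "remoteAddr": "203.0.113.7",
                "user": "--", "app": "core", "url": "/index.php/login",
                "message": "authentication failed for user 'admin'"}),
    json.dumps({"time": "2024-01-19T10:00:20+00:00", "remoteAddr": "203.0.113.7",
                "user": "--", "app": "core", "url": "/index.php/login",
                "message": "authentication failed for user 'admin'"}),
    "this line is not JSON and must be skipped",
    json.dumps({"time": "2024-01-19T10:01:05+00:00", "remoteAddr": "203.0.113.7",
                "user": "admin", "app": "files", "url": "/index.php/apps/files",
                "message": "listing folder"}),
    json.dumps({"time": "2024-01-19T10:02:00+00:00", "remoteAddr": "198.51.100.4",
                "user": "--", "app": "core", "url": "/index.php/login",
                "message": "authentication failed for user 'bob'"}),
    json.dumps({"time": "2024-01-19T10:02:15+00:00", "remoteAddr": "198.51.100.4",
                "user": "bob", "app": "files", "url": "/index.php/apps/files",
                "message": "listing folder"}),
    json.dumps({"time": "2024-01-19T10:03:00+00:00", "remoteAddr": "192.0.2.10",
                "user": "carol", "app": "dav", "url": "/remote.php/dav/",
                "message": "PROPFIND"}),
])

# Assumed patterns: the page greps for "authentication failed"; the alternative
# wording is accepted so the matcher survives small message changes.
FAILED_RE = re.compile(r"(?:login|authentication) failed", re.IGNORECASE)


def parse_entries(log_text):
    """Parse JSON-per-line log text into records sorted by time.

    Lines that are not valid JSON or lack a parseable "time" are skipped
    rather than aborting the scan, so a partially corrupted log still yields
    results."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            rec["_ts"] = datetime.fromisoformat(rec["time"])
        except (json.JSONDecodeError, KeyError, TypeError, ValueError):
            continue
        entries.append(rec)
    return sorted(entries, key=lambda r: r["_ts"])


def is_failed_login(rec):
    return bool(FAILED_RE.search(rec.get("message", "")))


def is_authenticated(rec):
    # Any request attributed to a real user counts as "successful access".
    return rec.get("user") not in (None, "", "--")


def find_failures_then_access(entries, window=timedelta(minutes=10), min_failures=2):
    """Return one finding per (source address, authenticated request) where at
    least `min_failures` failed logins from that address occurred within
    `window` before the request. Both parameters are assumed defaults."""
    by_addr = defaultdict(list)
    for rec in entries:
        by_addr[rec.get("remoteAddr", "?")].append(rec)

    findings = []
    for addr, recs in by_addr.items():
        failure_times = []
        for rec in recs:  # already in time order
            if is_failed_login(rec):
                failure_times.append(rec["_ts"])
                continue
            if is_authenticated(rec):
                recent = [t for t in failure_times if rec["_ts"] - t <= window]
                if len(recent) >= min_failures:
                    findings.append({
                        "remoteAddr": addr,
                        "user": rec["user"],
                        "failures": len(recent),
                        "first_failure": recent[0].isoformat(),
                        "access": rec["_ts"].isoformat(),
                        "url": rec.get("url"),
                    })
                    failure_times = []  # do not report the same burst twice
    return findings


if __name__ == "__main__":
    for finding in find_failures_then_access(parse_entries(SAMPLE_LOG)):
        print(json.dumps(finding))
```

Against the constructed input only 203.0.113.7 is reported (three failures, then an authenticated request as admin about a minute later); 198.51.100.4 has a single failure and stays below the threshold. A finding is a lead, not proof: a mistyped password followed by a correct one produces the same shape, so correlate with the access-log check above before escalating.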
Exploit status
EPSS
1.15% (78th percentile)
CVSS vector
The primary mitigation for CVE-2024-22212 is to immediately upgrade the Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. Due to the nature of the authentication bypass, there are no known workarounds beyond upgrading. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the Global Site Selector functionality until the upgrade can be performed. Monitor Nextcloud logs for any suspicious authentication attempts or unusual user activity. After upgrading, verify the fix by attempting to authenticate with a different user account and confirming that the authentication bypass is no longer possible.
Update Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5, or a later version. This fixes the authentication bypass vulnerability. No known workarounds are available.
CVE-2024-22212 is a critical vulnerability in Nextcloud Global Site Selector allowing attackers to bypass authentication and impersonate other users, potentially gaining unauthorized access.
If you are using Nextcloud Global Site Selector versions 1.1.0 through 2.4.4 (>= 2.4.0 and < 2.4.5 on the 2.4 branch), you are affected by this vulnerability and must upgrade immediately.
Upgrade Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. There are no known workarounds.
While there are no confirmed reports of active exploitation, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the official Nextcloud security advisory for detailed information and updates: [https://nextcloud.com/security/advisories/](https://nextcloud.com/security/advisories/)