Platform: nextcloud
Component: globalsiteselector
Fixed in: 1.1.1, 2.0.1, 2.2.1, 2.4.1
CVE-2024-22212 describes an authentication bypass vulnerability within the Nextcloud Global Site Selector. This flaw allows an attacker to authenticate as another user, potentially gaining unauthorized access to sensitive data and system resources. The vulnerability impacts Nextcloud Global Site Selector versions 1.1.0 through 2.4.4. A fix is available in versions 1.4.1, 2.1.2, 2.3.4, and 2.4.5.
Successful exploitation of CVE-2024-22212 grants an attacker the ability to impersonate any user within the Nextcloud environment managed by the Global Site Selector. This can lead to unauthorized data access, modification, or deletion. The attacker could potentially gain administrative privileges, allowing them to compromise the entire Nextcloud instance. The scope of impact depends on the permissions of the impersonated user: impersonating a user with limited access yields only that limited access, while impersonating an administrator account provides full control. This vulnerability is particularly concerning given Nextcloud's widespread use for file sharing and collaboration, where instances often hold sensitive business or personal data.
CVE-2024-22212 was publicly disclosed on January 18, 2024. Currently, there are no reports of active exploitation in the wild, but the vulnerability's critical severity and ease of exploitation suggest it is a high-priority target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge, increasing the risk of exploitation.
Exploit Status
EPSS: 1.15% (78th percentile)
The primary mitigation for CVE-2024-22212 is to immediately upgrade the Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. Due to the nature of the authentication bypass, there are no known workarounds beyond upgrading. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the Global Site Selector functionality until the upgrade can be performed. Monitor Nextcloud logs for any suspicious authentication attempts or unusual user activity. After upgrading, verify the fix by attempting to authenticate with a different user account and confirming that the authentication bypass is no longer possible.
Update Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5, or a later version. This corrects the authentication bypass vulnerability. No workarounds are known.
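As an added example (not part of the advisory or of the Nextcloud project), a small Python check that reads the Global Site Selector version from `occ app:list` output and decides whether it falls inside the affected range given above. The fix versions come from the text; the boundaries between fixed release branches and the sample `occ` output are assumptions made here.

```python
import re

# Affected from 1.1.0 up to but not including 2.4.5 (advisory text).
# Each tuple: (branch start, first fixed release, branch end).
# The branch ends are an ASSUMPTION: the advisory lists only fix versions.
FIX_BRANCHES = [
    ((1, 1, 0), (1, 4, 1), (2, 0, 0)),
    ((2, 0, 0), (2, 1, 2), (2, 2, 0)),
    ((2, 2, 0), (2, 3, 4), (2, 4, 0)),
    ((2, 4, 0), (2, 4, 5), (2, 4, 5)),
]


def parse_version(text):
    """Turn '2.4.3' (or '2.4') into a comparable (major, minor, patch) tuple."""
    nums = []
    for part in text.strip().split("."):
        m = re.match(r"\d+", part)
        if not m:
            raise ValueError(f"unparseable version: {text!r}")
        nums.append(int(m.group()))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3])


def is_affected(version):
    """True if this Global Site Selector version still carries CVE-2024-22212."""
    v = parse_version(version)
    if v < (1, 1, 0) or v >= (2, 4, 5):
        return False
    for start, fixed, end in FIX_BRANCHES:
        if start <= v < end:
            return v < fixed
    return True  # inside the overall range but no branch matched: treat as affected


def check_app_list(output):
    """Find globalsiteselector in `occ app:list` output; return (version, affected) or None."""
    m = re.search(r"globalsiteselector:\s*([\d.]+)", output)
    if not m:
        return None
    return m.group(1), is_affected(m.group(1))


# Constructed sample of `occ app:list` output (not captured from a real host).
SAMPLE_APP_LIST = """Enabled:
  - files: 1.21.0
  - globalsiteselector: 2.4.3
Disabled:
  - survey_client: 1.15.0
"""

if __name__ == "__main__":
    print(check_app_list(SAMPLE_APP_LIST))  # ('2.4.3', True)
```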
CVE-2024-22212 is a critical vulnerability in Nextcloud Global Site Selector allowing attackers to bypass authentication and impersonate other users, potentially gaining unauthorized access.
If you are using Nextcloud Global Site Selector versions 1.1.0 through 2.4.4 (for the 2.4 branch: >= 2.4.0 and < 2.4.5), you are affected by this vulnerability and must upgrade immediately.
Upgrade Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. There are no known workarounds.
While there are no confirmed reports of active exploitation, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the official Nextcloud security advisory for detailed information and updates: [https://nextcloud.com/security/advisories/](https://nextcloud.com/security/advisories/)