Plateforme
nextcloud
Composant
globalsiteselector
Corrigé dans
1.1.1
2.0.1
2.2.1
2.4.1
CVE-2024-22212 describes an authentication bypass vulnerability within the Nextcloud Global Site Selector. This flaw allows an attacker to authenticate as another user, potentially gaining unauthorized access to sensitive data and system resources. The vulnerability impacts Nextcloud Global Site Selector versions 1.1.0 through 2.4.4. A fix is available in versions 1.4.1, 2.1.2, 2.3.4, and 2.4.5.
Successful exploitation of CVE-2024-22212 grants an attacker the ability to impersonate any user within the Nextcloud environment managed by the Global Site Selector. This can lead to unauthorized data access, modification, or deletion. The attacker could potentially gain administrative privileges, allowing them to compromise the entire Nextcloud instance. The scope of impact depends on the permissions granted to the impersonated user; a user with limited access will grant limited access to the attacker, while an administrator account provides full control. This vulnerability is particularly concerning given Nextcloud's widespread use for file sharing and collaboration, often containing sensitive business or personal data.
CVE-2024-22212 was publicly disclosed on January 18, 2024. Currently, there are no reports of active exploitation in the wild, but the vulnerability's critical severity and ease of exploitation suggest it is a high-priority target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge, increasing the risk of exploitation.
Organizations utilizing Nextcloud with the Global Site Selector enabled are at risk. This includes businesses relying on Nextcloud for file sharing, collaboration, and document management. Specifically, environments with multiple Nextcloud instances managed by the Global Site Selector are particularly vulnerable, as the attacker can potentially pivot between instances after gaining access to one.
• php: Examine Nextcloud logs for unusual authentication patterns or failed login attempts followed by successful access.
grep "authentication failed" /path/to/nextcloud/data/nextcloud.log• generic web: Monitor access logs for requests targeting the Global Site Selector endpoint with unusual parameters.
grep "/global_site_selector/" /var/log/apache2/access.logdisclosure
Statut de l'Exploit
EPSS
1.15% (percentile 78%)
Vecteur CVSS
The primary mitigation for CVE-2024-22212 is to immediately upgrade the Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. Due to the nature of the authentication bypass, there are no known workarounds beyond upgrading. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the Global Site Selector functionality until the upgrade can be performed. Monitor Nextcloud logs for any suspicious authentication attempts or unusual user activity. After upgrading, verify the fix by attempting to authenticate with a different user account and confirming that the authentication bypass is no longer possible.
Mettez à jour Nextcloud Global Site Selector à la version 1.4.1, 2.1.2, 2.3.4 ou 2.4.5, ou à une version ultérieure. Cela corrige la vulnérabilité de contournement de l'authentification. Il n'existe pas de solutions de contournement connues.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2024-22212 is a critical vulnerability in Nextcloud Global Site Selector allowing attackers to bypass authentication and impersonate other users, potentially gaining unauthorized access.
If you are using Nextcloud Global Site Selector versions 1.1.0–>= 2.4.0 < 2.4.5, you are affected by this vulnerability and must upgrade immediately.
Upgrade Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. There are no known workarounds.
While there are no confirmed reports of active exploitation, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the official Nextcloud security advisory for detailed information and updates: [https://nextcloud.com/security/advisories/](https://nextcloud.com/security/advisories/)
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.