CVE-2024-22212 describes an authentication bypass vulnerability within the Nextcloud Global Site Selector. This flaw allows an attacker to authenticate as another user, potentially gaining unauthorized access to sensitive data and system resources. The vulnerability impacts Nextcloud Global Site Selector versions 1.1.0 through 2.4.4. A fix is available in versions 1.4.1, 2.1.2, 2.3.4, and 2.4.5.
Successful exploitation of CVE-2024-22212 grants an attacker the ability to impersonate any user within the Nextcloud environment managed by the Global Site Selector. This can lead to unauthorized data access, modification, or deletion. The attacker could potentially gain administrative privileges, allowing them to compromise the entire Nextcloud instance. The scope of impact depends on the permissions granted to the impersonated user; a user with limited access will grant limited access to the attacker, while an administrator account provides full control. This vulnerability is particularly concerning given Nextcloud's widespread use for file sharing and collaboration, often containing sensitive business or personal data.
CVE-2024-22212 was publicly disclosed on January 18, 2024. Currently, there are no reports of active exploitation in the wild, but the vulnerability's critical severity and ease of exploitation suggest it is a high-priority target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge, increasing the risk of exploitation.
Organizations utilizing Nextcloud with the Global Site Selector enabled are at risk. This includes businesses relying on Nextcloud for file sharing, collaboration, and document management. Specifically, environments with multiple Nextcloud instances managed by the Global Site Selector are particularly vulnerable, as the attacker can potentially pivot between instances after gaining access to one.
• php: Examine Nextcloud logs for unusual authentication patterns or failed login attempts followed by successful access.
  grep "authentication failed" /path/to/nextcloud/data/nextcloud.log
• generic web: Monitor access logs for requests targeting the Global Site Selector endpoint with unusual parameters.
  grep "/global_site_selector/" /var/log/apache2/access.log
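The two grep commands above only surface individual lines; the pattern the advisory actually describes (failed logins followed by a successful authenticated request from the same address) needs correlation across lines. The following added example, which is not part of the advisory or of Nextcloud, does that over Nextcloud's JSON log format and, in a second function, pulls Global Site Selector requests that carry query parameters out of an Apache access log. The log lines are constructed samples; the field names (time, remoteAddr, user, message) follow Nextcloud's JSON log layout, the "Login failed: '<user>'" message text is an assumption about Nextcloud's wording, and the endpoint path fragment is taken from the grep above.

```python
"""Correlate Nextcloud log events and Apache access-log requests for the
detection guidance around CVE-2024-22212.  Added example, not the advisory's
or Nextcloud's own code; all sample log lines below are constructed."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed nextcloud.log sample: two failed logins for 'alice' from one
# address, then an authenticated request as 'admin' from the same address.
SAMPLE_NEXTCLOUD_LOG = """
{"time":"2024-01-19T10:00:01+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'alice' (Remote IP: '203.0.113.7')"}
{"time":"2024-01-19T10:00:05+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'alice' (Remote IP: '203.0.113.7')"}
{"time":"2024-01-19T10:00:40+00:00","remoteAddr":"203.0.113.7","user":"admin","app":"files","method":"GET","url":"/apps/files/","message":"Files listed"}
{"time":"2024-01-19T11:00:00+00:00","remoteAddr":"198.51.100.2","user":"bob","app":"files","method":"GET","url":"/apps/files/","message":"Files listed"}
""".strip()

# Constructed Apache combined-format sample; the parameter name is made up.
SAMPLE_ACCESS_LOG = """
203.0.113.7 - - [19/Jan/2024:10:00:30 +0000] "GET /global_site_selector/login?token=CONSTRUCTED HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.2 - - [19/Jan/2024:11:00:00 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".strip()

# Assumed wording of Nextcloud's failed-login message.
FAILED_RE = re.compile(r"Login failed: '([^']*)'")
# Apache combined log: ip ident user [time] "method target proto" status ...
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Endpoint fragment as used in the advisory's grep (assumption).
GSS_PATH = "/global_site_selector/"


def find_failure_then_success(lines, window=timedelta(minutes=10)):
    """Return one finding per remote address that had failed logins and then,
    within `window`, issued a request carrying an authenticated user."""
    failures = defaultdict(list)  # remoteAddr -> [(timestamp, attempted user)]
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # non-JSON lines (e.g. PHP notices) are skipped
        ts = datetime.fromisoformat(entry["time"])
        remote = entry.get("remoteAddr", "")
        failed = FAILED_RE.search(entry.get("message", ""))
        if failed:
            failures[remote].append((ts, failed.group(1)))
            continue
        user = entry.get("user", "--")
        if user == "--":
            continue  # unauthenticated request, nothing to correlate
        recent = [(t, u) for t, u in failures[remote] if ts - t <= window]
        if recent:
            findings.append({
                "remote": remote,
                "failed_attempts": len(recent),
                "failed_users": sorted({u for _, u in recent}),
                "success_user": user,
                "time": entry["time"],
            })
            failures[remote].clear()
    return findings


def gss_requests_with_params(lines, path_fragment=GSS_PATH):
    """Return access-log requests to the GSS endpoint that carry query
    parameters, with the parameter names listed for analyst review."""
    hits = []
    for raw in lines:
        m = ACCESS_RE.match(raw.strip())
        if not m:
            continue
        ip, when, method, target, status = m.groups()
        if path_fragment not in target:
            continue
        parts = urlsplit(target)
        params = parse_qs(parts.query)
        if not params:
            continue
        hits.append({"ip": ip, "time": when, "method": method,
                     "path": parts.path, "params": sorted(params),
                     "status": int(status)})
    return hits


if __name__ == "__main__":
    for f in find_failure_then_success(SAMPLE_NEXTCLOUD_LOG.splitlines()):
        print("failed-then-authenticated:", f)
    for h in gss_requests_with_params(SAMPLE_ACCESS_LOG.splitlines()):
        print("GSS request with parameters:", h)
```

Run it against a real log with `find_failure_then_success(open(path))`; the ten-minute window and the "any authenticated request counts as success" rule are deliberately loose so that the output is a triage list, not a verdict.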
Exploitation status
EPSS: 1.15% (78th percentile)
CVSS vector
The primary mitigation for CVE-2024-22212 is to immediately upgrade the Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. Due to the nature of the authentication bypass, there are no known workarounds beyond upgrading. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the Global Site Selector functionality until the upgrade can be performed. Monitor Nextcloud logs for any suspicious authentication attempts or unusual user activity. After upgrading, verify the fix by attempting to authenticate with a different user account and confirming that the authentication bypass is no longer possible.
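Checking which branch an installed Global Site Selector belongs to is the first step in the upgrade above. This added example, which is not code from the advisory or from Nextcloud, reads the output of `occ app:list --output=json` and compares the installed version against the affected ranges. The fixed versions (1.4.1, 2.1.2, 2.3.4, 2.4.5) come from the advisory; the lower bound of each branch is an assumption derived from the stated affected span of 1.1.0 through 2.4.4, the app id `globalsiteselector` is an assumption, and the JSON sample is constructed.

```python
"""Version check for CVE-2024-22212 against `occ app:list --output=json`.
Added example, not the advisory's or Nextcloud's code."""
import json

# (first affected, first fixed) per release branch.  Fixed versions are from
# the advisory; the per-branch lower bounds are assumptions.
AFFECTED_RANGES = [
    ((1, 1, 0), (1, 4, 1)),
    ((2, 0, 0), (2, 1, 2)),
    ((2, 2, 0), (2, 3, 4)),
    ((2, 4, 0), (2, 4, 5)),
]

# Constructed sample of `occ app:list --output=json` output.
SAMPLE_APP_LIST = json.dumps({
    "enabled": {"files": "2.0.0", "globalsiteselector": "2.4.4"},
    "disabled": {"admin_audit": None},
})


def parse_version(text):
    """Turn '2.4.4' or '2.4.4-beta1' into a comparable (major, minor, patch)."""
    nums = []
    for part in text.strip().split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3])


def is_affected(version):
    """True if the version falls inside any affected branch range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def check_occ_app_list(json_text, app_id="globalsiteselector"):
    """Report install state, version and affected status for the GSS app."""
    data = json.loads(json_text)
    for state in ("enabled", "disabled"):
        apps = data.get(state, {})
        if app_id in apps:
            version = apps[app_id]
            return {
                "installed": True,
                "enabled": state == "enabled",
                "version": version,
                # occ prints null for some disabled apps; affected is then unknown
                "affected": is_affected(version) if version else None,
            }
    return {"installed": False, "enabled": False, "version": None, "affected": False}


if __name__ == "__main__":
    print(check_occ_app_list(SAMPLE_APP_LIST))
```

On a live instance feed it the real output, e.g. `check_occ_app_list(subprocess.check_output(["php", "occ", "app:list", "--output=json"], cwd=nextcloud_root))`, and treat an `affected` of `None` as "verify manually".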
Upgrade Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5, or later. This fixes the authentication bypass vulnerability. There are no known workarounds.
CVE-2024-22212 is a critical vulnerability in Nextcloud Global Site Selector allowing attackers to bypass authentication and impersonate other users, potentially gaining unauthorized access.
If you are using Nextcloud Global Site Selector versions 1.1.0 through 2.4.4 (including >= 2.4.0 and < 2.4.5), you are affected by this vulnerability and must upgrade immediately.
Upgrade Nextcloud Global Site Selector to version 1.4.1, 2.1.2, 2.3.4, or 2.4.5. There are no known workarounds.
While there are no confirmed reports of active exploitation, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the official Nextcloud security advisory for detailed information and updates: [https://nextcloud.com/security/advisories/](https://nextcloud.com/security/advisories/)