
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-24889 is a security vulnerability in Nextcloud Server, a file server application. It was disclosed on April 27, 2022, and affects multiple versions of Nextcloud Server, including versions prior to 21.0.8, 22.2.4, and 23.0.1. The vulnerability is in the recommended applications installation process in Nextcloud Server (CERT-FR).
The vulnerability is classified as CWE-345 and received a CVSS v3.1 score of 2.4 (Low severity). The CVSS metrics indicate a network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), user interaction required (UI:R), unchanged scope (S:U), no impact on confidentiality (C:N), low impact on integrity (I:L), and no impact on availability (A:N) (GitHub Advisory).
The vulnerability allows an attacker to trick administrators into enabling recommended apps for the Nextcloud server, potentially leading to unauthorized application installations. The impact is primarily on the integrity of the system's configuration (GitHub Advisory).
The vulnerability has been patched in Nextcloud Server versions 21.0.8, 22.2.4, and 23.0.1. It is recommended to upgrade to these versions or newer to address the security issue. No workarounds are available for this vulnerability (GitHub Advisory).
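To check an inventory against the fixed releases listed above, the following added example (not part of the advisory or of Nextcloud's code) classifies servers from the JSON that Nextcloud's `status.php` endpoint returns. The host names and JSON bodies are constructed sample data, and the handling of branches older than 21 or newer than 23 is an assumption noted in the code.

```python
import json
import re

# Fixed release per branch, taken from the advisory text above.
FIXED = {21: (21, 0, 8), 22: (22, 2, 4), 23: (23, 0, 1)}


def parse_version(text):
    """Return (major, minor, patch) from strings like '23.0.0' or '23.0.0.10'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Map a Nextcloud Server version to 'affected', 'patched' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v[0] in FIXED:
        return "patched" if v >= FIXED[v[0]] else "affected"
    # Assumption: branches older than 21 never received the fix, and
    # branches newer than 23 include it ("these versions or newer").
    return "affected" if v[0] < min(FIXED) else "patched"


def audit(inventory):
    """inventory maps host -> status.php response body; returns host -> verdict."""
    results = {}
    for host, body in inventory.items():
        try:
            status = json.loads(body)
            results[host] = classify(status.get("versionstring") or status.get("version"))
        except (ValueError, AttributeError):  # not JSON, or not a JSON object
            results[host] = "unknown"
    return results


# Constructed sample data: hosts and response bodies are made up for illustration.
SAMPLE = {
    "files-a.example": '{"installed": true, "version": "21.0.7.0", "versionstring": "21.0.7"}',
    "files-b.example": '{"installed": true, "version": "22.2.4.1", "versionstring": "22.2.4"}',
    "files-c.example": '{"installed": true, "version": "23.0.0.10", "versionstring": "23.0.0"}',
    "files-d.example": "<html>502 Bad Gateway</html>",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Hosts reported as `unknown` need a manual check, since the response could not be parsed as a version.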
Source: This report was generated using AI